Now that the European General Data Protection Regulation (GDPR) has been in force in the European Economic Area for some time, the Swiss Data Protection Act has also been adapted. This will come into force on September 1, 2023 and will lead to a tightening of the previous requirements.
Swiss companies that did not or only partially implement the GDPR should therefore adapt the new Swiss rules. This applies in particular (but of course not only) to supervised financial institutions.
The implementation includes, on the one hand, a revision of the data protection declarations that are used vis-à-vis customers and business partners. Further, an internal data protection declaration for employees should be drawn up.
Depending on the specific case, it is among other also advisable to create a directory of data processing activities, review the contractual relationships with outsourcing and IT/software service providers who process personal data, and analyze the processes for providing information on data processing and the IT infrastructure with regard to data security.
We support you in analyzing your options for action and in developing efficient and proportionate data protection compliance.