Author: Dr. Astrid Tran-Glück, Certified Data Protection Officer
The first Swiss Federal Act on Data Protection (FADP) entered into force in 1993 – a time when the internet was not yet used commercially and when today’s digital reality, shaped by cloud computing, big data, social media and the Internet of Things, was still a long way off. Following a partial revision in 2008 that sought to better inform the public about how their data was processed, it quickly became clear that further amendments were necessary. In 2019, the National Council adopted the total revision of the whole act, which the Federal Assembly then approved on 25 September 2020.
It is now official that the new FADP will come into force in September 2023. Within this time, the private sector and federal authorities will have to adapt their processing of personal data to the new provisions.
What are the most important new features of the fully revised Data Protection Act for our industry?
• The current definition of sensitive personal data has been extended to include genetic and biometric data.
• Businesses can designate a data protection officer who, if professionally independent and autonomous, can be referred to for in-house advice without having to consult the Federal Data Protection and Information Commissioner (FDPIC).
• If the planned processing may involve a high risk to the privacy or the fundamental rights of data subjects, data controllers from the private sector must now also carry out a prior data protection impact assessment.
• Besides the operators of data processing systems or programs, manufacturers can also have their systems, products and services certified.
• Both data controllers and data processors are now required to keep a list of all data processing activities.
• If cross-border disclosure of personal data is planned, the countries must be indicated, and it has to be ascertained that the legislation in the third country guarantees adequate protection.
• A private data controller must appropriately inform data subjects in advance every time personal data is collected. Businesses will have to review and update their privacy policies accordingly.
• A data subject now has the option of receiving the personal data that they have provided to a private controller in a commonly-used and machine-readable format, or having it transmitted to a third party.
• The new FADP sets out fines for private persons of up to CHF 250’000.
How can you deal with the challenges and risks of the new FADP? How can this be done in a lean and budget-friendly way?
PMS offers the support from subject matter experts to build a solid data protection management system, along with the supervision by a certified data protection officer.
Don’t hesitate to get in contact with us: info@pmsystem.ch
The new Federal Act on Data Protection enters into force in September 2023 - How well are you prepared?
Author: Dr. Astrid Tran-Glück, Certified Data Protection Officer
The first Swiss Federal Act on Data Protection (FADP) entered into force in 1993 – a time when the internet was not yet used commercially and when today’s digital reality, shaped by cloud computing, big data, social media and the Internet of Things, was still a long way off. Following a partial revision in 2008 that sought to better inform the public about how their data was processed, it quickly became clear that further amendments were necessary. In 2019, the National Council adopted the total revision of the whole act, which the Federal Assembly then approved on 25 September 2020.
It is now official that the new FADP will come into force in September 2023. Within this time, the private sector and federal authorities will have to adapt their processing of personal data to the new provisions.
What are the most important new features of the fully revised Data Protection Act for our industry?
• The current definition of sensitive personal data has been extended to include genetic and biometric data.
• Businesses can designate a data protection officer who, if professionally independent and autonomous, can be referred to for in-house advice without having to consult the Federal Data Protection and Information Commissioner (FDPIC).
• If the planned processing may involve a high risk to the privacy or the fundamental rights of data subjects, data controllers from the private sector must now also carry out a prior data protection impact assessment.
• Besides the operators of data processing systems or programs, manufacturers can also have their systems, products and services certified.
• Both data controllers and data processors are now required to keep a list of all data processing activities.
• If cross-border disclosure of personal data is planned, the countries must be indicated, and it has to be ascertained that the legislation in the third country guarantees adequate protection.
• A private data controller must appropriately inform data subjects in advance every time personal data is collected. Businesses will have to review and update their privacy policies accordingly.
• A data subject now has the option of receiving the personal data that they have provided to a private controller in a commonly-used and machine-readable format, or having it transmitted to a third party.
• The new FADP sets out fines for private persons of up to CHF 250’000.
How can you deal with the challenges and risks of the new FADP? How can this be done in a lean and budget-friendly way?
PMS offers the support from subject matter experts to build a solid data protection management system, along with the supervision by a certified data protection officer.
Don’t hesitate to get in contact with us: info@pmsystem.ch