Search

Data protection: More legislation and rights in Switzerland

  • Extension of rights of affected parties
  • Rules on forwarding data to third parties
  • It is new that the law now only applies to natural persons, not legal ones.
As of 1 September 2023, new data protection regulations apply in Switzerland too. In light of the European General Data Protection Regulation (GDPR) which came into force in 2018, the finalization and introduction of the revised Swiss Data Protection Act (DPA) became a matter of urgency, especially as the old Data Protection Act from 19 June 1992 no longer met the increased requirements.

After extensive political wrangling, the Parliament passed the law on 25 September 2020. The Federal Council then issued the associated decree on 31 August 2022. The revised Swiss Federal Act on Data Protection (DPA) comes into force on 1 September 2023.
The most important updated points mainly relate to the extension of the rights of the affected parties: 

  • Extended information obligation when obtaining personal data
  • Extended right of information
  • Right to correction, erasure or restriction of processing and disclosure
  • Right to data portability
  • Rules for profiling with high risk and for automated case-by-case decisions

What is new is that the law only applies to natural persons, not legal ones.

Daniel Bucklar
Corporate Legal Counsel, EOS Schweiz
The DPA also governs disclosing data to third parties and standardization of order processing. Another key area relates to data transfer abroad and the organizational measures to be taken when processing personal data.

New organizational obligations for companies

The Data Protection Act sets out new organizational obligations for companies, e.g. keeping a record of data processing activities (for companies with ≥ 250 employees), reporting data protection infringements, data protection follow-up assessment and handling of data protection through technology and default settings. 

It is also new that the law only applies to natural persons, not legal ones. Last but not least, the sanctions for deliberate infringements have been made substantially stronger, with fines of up to 250,000 francs for private individuals.

EOS is putting up a group-wide data protection shield

Data protection involves not only organizational measures, but is also closely linked to IT security. This article explains what EOS is doing for cyber security across the group.
Read more
Cyber Security hat für EOS höchste Priorität. Dafür baut das Unternehmen einen internationalen Schutzschirm auf.

Further information on data protection in Switzerland? Just get in touch.