The new data protection law comes into effect on 1 September. Since it does not provide for any transition periods, it is high time for companies to make all necessary adjustments.
The new data privacy law is very extensive and affects almost all Swiss companies.
The most important changes of the nDSG are:
- Scope of application: Like the GDPR, the revised DSG is limited to the data protection of natural persons – instead of data of legal persons as before. Genetic and biometric data are now also considered to be particularly worthy of protection.
- Obligation to provide information: when acquiring personal data
- List of processing activities: all data processing by the entire company must be recorded and precise information must be provided and updated on an ongoing basis
- Data protection impact assessment: Companies are now obliged to carry out a data protection impact assessment if data processing entails a high risk for the personality of the data subject.
- Profiling: The nDSG also regulates profiling, i.e. automated data processing to evaluate certain personal aspects of a person such as economic situation, health, interests, behavior, whereabouts, etc.
- Reporting of data protection violations: Data security violations, i.e. unintentional or unlawful loss, deletion, destruction, modification or unauthorized access to personal data, must now be reported to the FDPIC as quickly as possible (according to the GDPR within 72 hours).
- Liability and catalog of fines: While on the one hand the maximum fine of CHF 250,000 in the nDSG is well below the GDPR, the nDSG new data protection law sees the fine as a sanction for criminal behavior, while the catalog of fines in the GDPR tends to strengthen the motivation for general regulatory intended for conformity. This different starting point means that according to the nDSG not (only) the violating company can be fined, but also the person directly committing the violation (e.g. the employee who commits the data protection violation).
- Privacy-by-design and privacy-by-default (data protection by technology and data protection-friendly default settings): When processing personal data, appropriate technical and organizational measures must be taken “from the planning stage” which implement data protection principles (e.g. data minimization) ensure in these systems
holistic and integrated data governance
DataGovernance Technologies offers an integrated platform with features such as data cataloguing, data protection and data quality, lifecycle management and access logging that enable and demonstrate compliance with nDSG, GDPR compliance and governance.
With a few mouse clicks, companies get answers to important questions such as e.g.:
- Where is personal data about customers, employees, patients, etc. located stored?
- What is the relationship between the people and the organization?
- Is the content still relevant to the business? Is the data sensitive? Who has access to what?
Data objects can be tagged directly from the analysis or classified, protected, moved, archived or deleted in a controlled manner on the file system. Enterprise deletion processes can be automated.
processes and functions
We are a member of “Swiss Made Software”. It is associated with Swiss values such as quality, reliability and precision in software development – and all of that very close to you.
