What important changes in data protection does the new law bring?
There are a number of changes that come with the new law. Above all, anyone who is digitally active should get to grips with the DPA. This applies regardless of whether it is digital services, e-commerce or just a web presence. Here are some examples of what the adjustments entail:
- In the future, the evaluation of customer data will require the express consent of the customer.
- Furthermore, the law stipulates that systems must be designed to ensure privacy by design. This means that the accumulation of user information is limited to the minimum.
- A duty to provide information is also anchored in the new FADP. It gives private individuals the right to obtain information about the scope of their stored data.
- Companies are therefore obliged to name a responsible contact person. In the future, however, only private individuals will be protected by the DPA.
- Legal entities, for example an AG or a GmbH, will no longer be able to invoke the DPA.
The complete Federal Data Privacy Act can be viewed and downloaded on the Internet.
When does the Data Protection Act come into force?
The revision of the data protection law in Switzerland took a long time. The current version dates back to 1992, and the EU's General Data Protection Regulation (GDPR) has put additional pressure on Switzerland to make adjustments to the law itself.
Switzerland's parliament accepted the amendments to the law on September 25, 2020, and the Federal Council decided in January 2021 that the revised Data Protection Act would enter into force. The associated data protection ordinance (VDSG), which is still missing, is currently being drafted by the Federal Council. Switzerland will have to comply with both sets of laws by mid-2022 at the earliest.
What are the penalties for violations of the new data protection law?
The new data protection law provides for comparatively harsh penalties if the rules are violated. This ranges up to fines of CHF 250,000. Not only companies are sanctioned, but also those responsible directly. Thus, CEOs, CIOs and other responsible persons are potentially affected.
Another sanction relates to the future processing of personal data. Companies and organizations that have attracted attention due to violations can be sanctioned by the FDPIC. It can prohibit the processing of personal data or demand the deletion of certain information.
What is the best way for companies and website operators to respond to the changes in data protection?
Companies in Switzerland should deal with the new law at an early stage. Data protection and security in IT are central topics in every company. Nevertheless, they sometimes receive too little attention. It is important to identify the areas in which your company is affected. Then the necessary adjustments can be implemented stress-free and in good time.
A good start is to take stock of the systems that process personal data. Then, with the help of a gap analysis, it can be determined in which areas adjustments to the new law are necessary. This should also be done if you have already prepared such an analysis in connection with the European General Data Protection Regulation. The Swiss DPA differs from the European Regulation in various respects.
These are some of the points that you need or should review in the context of the new data protection law:
- Data privacy statement
- Export of data
- Right to information
- Contracts for commissioned data processing
- Documentation obligations
- Data breach notifications
It also makes sense to plan employee training in good time. The creation of a data protection compliance is helpful. In this way, it is possible to raise awareness of the upcoming topic.
In any case, the website is affected. When visiting your web portal, users usually leave data behind. Here, consent to data processing is necessary (e.g., via a cookie banner). Alternatively, it must be possible to object directly to the storage of data.
cloudtec helps with compliance with the new data protection law
We offer you a complete package with which you no longer have to worry about data protection on your website. You will be on the safe side in terms of data protection. With our package, we offer both a collection of tools that we have selected for ensuring data protection, as well as administrative services, such as an annual review meeting, in which we show which measures can be further implemented.
The following services are included in cloudtec's complete package:
- Integration of the Cookiebot incl. customer-specific requirements and CI/CD
- Daily control of the data protection functionalities with Ghostinspector
- Regular analysis of the Cookiebot data
- Annual analysis and revision of the data protection situation
- Annual review meeting with the customer
The Cookiebot for data protection-compliant tracking
The Cookiebot is a software that checks and manages cookies, generated by your website . You still have control over the form in which the cookies are stored. In addition, we will be happy to help you configure helpful cookies that are also privacy compliant.
The Cookiebot appears on your website as a cookie banner, whereby the user has the possibility to influence the storage and processing of his own data. The banner is of course adapted to your CI/CD and complies with general data protection laws.
The Ghostinspector constantly monitors your website
With the Ghostinspector we use a test tool that enables a permanent check of your data protection settings. In this way, we continuously check whether the data protection functionalities on the website are still available without any problems. If problems arise in the area of cookies, data protection or other relevant points, immediate intervention is possible.
At the same time, Ghostinspector is also a helpful tool for searching for bugs. Thus, you receive valuable data in this area as well and recognize problems on your web presence at an early stage.
Prepare your web presence for the new Swiss data protection law
Those who adapt to the new law in time are on the safe side as far as data protection is concerned. Violations are to be avoided, because they result in severe penalties. cloudtec helps you with the practical implementation of the data protection rules on your website.
Thus, we create together with you the data protection text as well as the imprint for your website. If you use our complete offer, we continuously control your website. In this way, you are permanently protected against potential violations of data protection laws. This concerns the data protection page, cookies as well as possible legal changes. We also provide you with professional tips on the subject of data protection.
Are you looking for qualified support in implementing the new data protection law? Use our contact form, and we will make you a personal offer.