On 25 May 2018, the new basic EU data protection regulation (DSGVO = GDPR) will enter into force. What should be considered?
The new basic EU data protection regulation is based on the 1995 Directive 95/46/EC (Data Protection Directive) and retains the basic data protection principles. What exactly does this mean for Swiss companies?
After its enforcement on 25 May 2018, the new EU basic data protection regulation will apply throughout the European Union. However, many Swiss companies are also directly affected, especially if they have branches or subsidiaries in the EU, employ people resident in the EU or possess and process data of EU citizens. Since the use of Google Analytics or other analysis tools for visitor registration have also been included recently, practically every company in Switzerland is affected by the EU DSGVO.
With regard to the information law, the data subjects must be fully informed about data processing (the purpose and legal basis of data processing, duration of data storage, data recipient, etc.).
Consent for data processing must be given in a clear, transparent form. The given consent can also be revoked at any time. The data subjects have the “right to forget“, according to which the deletion of stored data can be requested at any time.
In addition, a distinction is made between Privacy by Design and Privacy by Default:
If security gaps are detected in the system (Privacy Breach), the competent regulatory authority must be notified immediately and, if possible, within 72 hours of the incident. Organizations are obliged to provide sufficient technical and organizational resources to remedy security gaps immediately.
Responsibility for adherence with the EU DSGVO is assumed by each individual processor of personal data, who is subject to accountability.
Companies are required to completely rethink their data processing processes and to design them more effectively. In this case, there is no sample solution that fits everywhere. The implementation of the EU DSGVO requirements in the company is determined by internal company-specific processes. Therefore, it is expected that compliance management is to become increasingly important in order to sensitize and train all concerned employees with regard to the new EU DSGVO.
If you have any questions, kindly do not hesitate to contact us.