New Swiss Federal Act on Data Protection – what does it mean for companies?

Binary code with PC keyboard: One key shows a plus sign, the other the word 'Legislature'.

The new Swiss Federal Act on Data Protection (nFADP) will come into force on September 1, 2023, replacing the existing Data Protection Act of 1992. The nFADP is adapted to the requirements of the EU General Data Protection Regulation (GDPR) and is intended to improve the protection of personal data in Switzerland.

With the revised Data Protection Act, companies will be subject to stricter rules when processing personal data. All companies should update their privacy policies and statements by the time the new law comes into effect.

By the end of January 2023, the total amount of GDPR fines across Europe had risen to 1.64 billion euros.

The most important changes at a glance:

Adapting to changing technological and social conditions (cloud computing, big data, social networks, Internet of Things).
Strengthening data subjects' control over their data.
Introducing the right to be forgotten.
Creation of a Data Protection Officer for companies processing particularly sensitive data and/or personal data of EU residents.
Increase fines for violations of data protection laws.
Expands the jurisdiction of the Federal Data Protection and Information Commissioner (FDPIC).
Genetic and biometric data are now considered particularly sensitive.

Illegal data processing is one of the most punished violations.

What are the consequences of not complying with the new rules?

If a company has not adapted its data protection policies and declarations by September 1, 2023, investigations may be initiated, which could lead to the interruption of data processing or the deletion of data. Violations of the FADP can result in fines of up to CHF 50,000 for companies and CHF 250,000 for individuals.

In addition, it is important that companies train their employees on the new data protection law, as many employees have access to personal data and thus play an important role in ensuring compliance with the data protection law and data protection rights.

The German data protection authority imposed 453 fines in 2022.

Why you should train your employees on data privacy compliance

All companies that process personal information must ensure that all employees who come into contact with that information understand and practice data protection. Training helps employees learn how to handle personal information securely and protect it from falling into the wrong hands, whether accidentally or intentionally. In doing so, they help reduce data breaches and the risk of sanctions and legal consequences.

In addition, employee training can help raise employee awareness of the importance of data privacy and increase customer and business partner confidence in the company.

Overall, employee privacy training is an important step in ensuring that a company handles personal information securely and responsibly.

In 2022, 21,170 data breach reports were submitted to the German supervisory authority.

How can employees be trained?

Holistic employee training can be carried out, for example, using e-learning or, in the best case scenario, combined in a campaign.

We have updated our data protection e-learning and campaign materials to reflect the new Swiss Federal Act on Data Protection. Use it now to prepare your employees for the new FADP and avoid data processing violations.

>> MAKE AN APPOINTMENT NOW <<

For more information on the new Federal Act on Data Protection, please visit the Swiss federal government's website.

‍

Sources:

1: haufe.de: DSGVO-Bußgeldsumme stieg im Jahr 2022 auf 1,6 Milliarden EUR (1.2.2023)

2: dsgvo-portal.de: Rückblick DSGVO-Bußgeldverfahren und Datenpannen 2022 (28.2.2023)

3: axa.ch: New Data Protection Act: What do Swiss companies need to be aware of? (4.3.2022)

‍