The new Swiss Data Protection Act will apply from 1 September 2023
The revised Swiss Data Protection Act (new DPA), with significant innovations, comes into force from 1 September 2023 in force.
The requirements for processing personal data have been made stricter. As an entrepreneur, it is therefore advisable to review your current guidelines and data protection declarations and adapt them if necessary.
Good to know:
Various changes are imminent, the two most significant of which are as follows:
Now not only companies, but also the responsible persons (owners and employees) are the focus of criminal proceedings. The maximum fine increases from CHF 10,000 to CHF 250,000.
Similar to the GDPR, the scope of the revised DPA will be limited to the data protection of natural persons - unlike previously, where it also included the data of legal persons.
Is it possible to wait until the new DPA is introduced and only deal with data protection issues afterwards?
This is not advisable. Many Swiss companies already have to fulfil stricter data protection requirements, especially those that have business relationships with the EU. For all others, it will be urgent to take measures at the latest when the introduction of the new data protection law is imminent. There are no transitional periods: as soon as the specified start date is reached, the new data protection law will come into force and must be complied with immediately.
What steps can I take to prepare for the upcoming DPA and how can I ensure my data security?
In order to prevent a (possibly) wilful breach, we recommend that you take measures to implement the new data protection law in good time. The best way to do this is to measures are already being taken to fulfil the requirements of the new law, such as information obligations or requests for information.
