The protection of your data in Switzerland
New data protection law in Switzerland
The new data protection law in Switzerland will come into force soon.
What should we expect?
What are the differences with GDPR ?
And how does this law protect us?
Barraud Consulting enlightens you on the new data protection law (LPD).
LPD and GDPR, what are we talking about?
The protection of your personal data: what exactly is the personal data?
A ” personal data ” is “any information relating to an identified or identifiable natural person”: surname, first name, telephone, image but also location, age or tastes and habits.
-> The acronym GDPR stands for: “General Data Protection Regulation”. The GDPR regulates the processing of personal data in the European Union.
It harmonises the rules in Europe by offering a single legal framework to professionals.
Any organization regardless of its size, its country of establishment and its activity, can be concerned.
Indeed, the GDPR applies to any organization, public and private, that processes personal data on its behalf or not, as soon as:
- it is established in the territory of the European Union,
- or that its activity directly targets European residents.
A company established in Switzerland, offering an e-commerce site in French delivering products in France must comply with the GDPR.
-> The new Federal Data Protection Act (FADP) contains the cross-sectoral rules to be complied with in general when processing personal data.
The LPD defines the fundamental principles and requirements to ensure the lawful processing of personal data:
- Principle of transparency: all data processing must take place in a transparent manner.
- Principle of purpose: the data collected must only be used for purposes that are obvious to the data subject; the data must only be collected, stored, disclosed and processed to the extent that these purposes so require.
- Consent to data processing: where the processing of data requires the consent of the data subject, such as in the context of human research, such consent will only be legally valid if it has been given freely, on the basis of appropriate information, and explicitly in the case of particularly sensitive data.
- Right of revocation: consent to data processing may be revoked by the data subject at any time.
- Data security: personal data must be protected against unauthorised processing by appropriate technical and organisational measures.
- Right of access: any person is entitled to ask the holder of a data collection for information on the processing of data concerning him.
- Obligation to provide information: the holder of a data collection is obliged to inform the data subject about the acquisition of particularly sensitive personal data. This information obligation also applies to data collected by third parties.
- Cross-border disclosure: Personal data must not be disclosed abroad if this would entail a serious risk to the personality rights of data subjects.
What are the objectives of the new LPD?
The Swiss data protection law, which has existed since the 1990s, is now outdated. The rise of digital technology makes it necessary to revise it. It must also be adapted to the European Data Protection Regulation (GDPR).
The primary objective of this new law is obviously the protection of the personal data of Internet users.
On the other hand, harmonizing the LPD with the data protection system in force in the European Union ensures that Switzerland is recognised as a third country with a sufficient level of protection, so that a easy exchange of data between Switzerland and the EU remains possible in the future.
New LPD, soon to be applied
The revised LPD was announced for the 2nd half of 2022.
The Federal Office of Justice has just announced a possible delay, which would push this date to 1 September 2023.
In view of the fact that there is no transition period, any company must verify its compliance with the new legislation in good time and know the consequences.