The new Swiss Data Protection Act (DPA) from September 1, 2023: What you need to know
Since its introduction, the Swiss Data Protection Act (DPA) has established itself as a key instrument for ensuring the protection of personal data in Switzerland.
On September 1, 2023, a revised version of the DPA will come into force, which will have a significant impact on businesses, especially website owners and small and medium-sized enterprises (SMEs).
This article provides a comprehensive overview of the key changes and what they mean for your business. Since its introduction, the Swiss Data Protection Act (DPA) has established itself as a key instrument for ensuring the protection of personal data in Switzerland.
On September 1, 2023, a revised version of the DPA will come into force, which will have a significant impact on businesses, especially website owners and small and medium-sized enterprises (SMEs).
This article provides a comprehensive overview of the key changes and what they mean for your business.
1. background and context
Digitalization and the rapid development of technologies have revolutionized the way in which data is collected, processed and stored.
In this context, the FADP has been revised to ensure the protection of personal data in the modern digital landscape and at the same time strengthen Switzerland’s position in the international data protection environment.
2. main changes in the new DSG
2.1.
Erweiterter Anwendungsbereich The new DPA has an extended territorial scope of application.
It applies not only to companies based in Switzerland, but also to companies outside Switzerland that process the data of Swiss residents. 2.2.
Stärkere Rechte für betroffene Personen Data subjects now have extended rights, including the right to information, the right to access their data, the right to rectification and the right to erasure.
Companies must ensure that they have mechanisms in place to implement these rights effectively. 2.3.
Datenschutz-Folgenabschätzung Under certain circumstances, companies must carry out a data protection impact assessment before processing personal data.
This is particularly the case if the data processing poses a high risk to the rights and freedoms of the data subjects. 2.4.
Datenschutzbeauftragter Companies that regularly and systematically process personal data must appoint a data protection officer.
This officer is responsible for monitoring compliance with the DPA and serves as a point of contact for data protection issues.
3 What does this mean for website owners?
3.1.
Cookies und Tracking-Tools Website owners must be more transparent about the use of cookies and other tracking tools.
Visitors must have the opportunity to give or refuse their consent before such tools are activated. 3.2. Privacy policy Every website that collects personal data from visitors must have a clear and comprehensible privacy policy that provides information about the type of data collected, the purpose of the processing and the rights of the data subjects.
4 What does this mean for SMEs?
4.1.
Datenverarbeitungsregister SMEs must keep a register of data processing activities.
This register should contain all processing activities, the purposes of the processing and the categories of data concerned. 4.2.
Schulung und Bewusstsein SMEs should ensure that their employees are informed about the provisions of the DPA and receive regular training on data protection compliance. 4.3.
Verträge mit Datenverarbeitern If SMEs engage service providers to process personal data on their behalf, they must ensure that these contracts meet the data protection requirements of the new DPA.
5. conclusion
The new DPA brings with it significant changes that are relevant for both website owners and SMEs.
It is crucial to familiarize yourself with the new requirements at an early stage and make the necessary adjustments to avoid fines and reputational damage.
Compliance with the DPA is not only a legal obligation, but also an opportunity to build customer trust and emphasize the value of data security in the modern business world.
Disclaimer: This text in no way claims to be 100% valid and legally binding.
Please always consult your lawyer and data protection partner for information on the subject of data protection.
Zur Blog-ÜbersichtWebsite & Online Shop – Datenschutz DSG konform, Checkliste Datenschutz revDSG
