Revised Data Protection Law for Switzerland (revDSG)

In the digital age, where data is considered a valuable resource, legal regulations for the protection of personal data are essential. With the revised Data Protection Act (revDSG), Switzerland has taken an important step toward stronger data protection regulations in order to align the level of data protection with that of the European Union and to ensure that Swiss companies remain compliant with the European market when it comes to data traffic.

Background

The revDSG was developed with the aim of strengthening the protection of personal data and responding to developments in digital technologies and the increasing importance of the data economy. The new law brings some significant changes and also takes into account the principles of the European General Data Protection Regulation (GDPR). Even though the revDSG was developed independently, the similarities with the DSGVO cannot be overlooked, as facilitated data exchange with EU countries was a central concern of the revision.

Focal points of the revDSG

  1. Stronger privacy protection:
    • The revDSG places an increased focus on the rights of data holders, including the right to access, correct and delete their data.
  2. Transparency principle:
    • Organizations are required to be more transparent about their data processing practices and provide relevant information in a clear and understandable manner.
  3. Privacy Impact Assessment:
    • Similar to the GDPR, companies must conduct a data protection impact assessment under the revDSG if the data processing poses a high risk to the personal rights of the data subjects.
  4. Data protection through technology design and data protection-friendly default settings:
    • Data protection should be integrated into products and services from the outset ("Privacy by Design") and data protection-friendly default settings should form the standard ("Privacy by Default").
  5. Duty to report data breaches:
    • In the event of a data breach, organizations are required to report it to the relevant supervisory authority within 72 hours if it is likely to result in a high risk to the personal rights and freedoms of the data subject.
  6. Privacy Officer:
    • Similar to the GDPR, there are provisions in the revDSG for the appointment of a data protection officer, although the exact requirements and circumstances may differ.

Challenges and opportunities

With the implementation of the revDSG, Swiss companies will be required to review and adapt their data protection practices. Although this is challenging, it also offers opportunities to build trust with customers and develop data-driven business models in line with robust data protection standards.

Conclusion

The revDSG pursues the laudable goal of strengthening data protection in Switzerland and remaining internationally competitive. Companies and organizations are well advised to familiarize themselves with the requirements of the new law at an early stage and to make appropriate adjustments to their data processing procedures.