With the revised Data Protection Act (RevDSG), Switzerland has taken an important step towards stronger data protection regulations in order to bring the level of data protection into line with that of the European Union and to ensure that Swiss companies remain compliant with the European market when it comes to data traffic.

‍

background

The RevDSG was developed with the aim of strengthening the protection of personal data and responding to developments in digital technologies and the increasing importance of the data economy. The new law brings with it some significant changes and also takes into account the principles of the European General Data Protection Regulation (GDPR). Even though the RevDSG was developed independently, the similarities with the GDPR cannot be overlooked, as facilitating data exchange with EU countries was a central concern of the revision.

Priority areas of the RevDSG

1. Stronger privacy protection: The RevDSG places an increased focus on the rights of data owners, including the right to information, correction and deletion of their data.
2. Transparency principle: Organizations are required to be more transparent about their data processing practices and to provide relevant information in a clear and understandable way.
3. Data protection impact assessment: Similar to the GDPR, companies must carry out a data protection impact assessment as part of the RevDSG if data processing poses a high risk to the personal rights of those affected.
4. Data protection through technology design and privacy-friendly default settings: Data protection should be integrated into products and services from the outset (“Privacy by Design”) and privacy-friendly default settings should form the standard (“Privacy by Default”).
5. Reporting obligation in case of data breaches: In the event of a data breach, organizations are required to report it to the competent supervisory authority within 72 hours, provided that it is likely to result in a high risk to the personal rights and freedoms of the data subject.
6. Data Protection Officer: Similar to the GDPR, the RevDSG also has provisions for the appointment of a data protection officer, although the exact requirements and circumstances may differ.

Challenges and opportunities

With the implementation of the RevDSG, Swiss companies are encouraged to review and adapt their data protection practices. Although this is a challenge, it also offers opportunities to create trust with customers and develop data-driven business models in line with robust data protection standards.

graduation‍

The RevDSG pursues the laudable goal of strengthening data protection in Switzerland and remaining internationally competitive. Companies and organizations are well advised to familiarise themselves with the requirements of the new law at an early stage and to make appropriate adjustments to their data processing processes.

‍