At Lunch & Law on 24 January 2018, Julia Bhend and Kaj Seidl-Nussbaumer provided a practical overview of new developments in data protection law, in particular the EU General Data Protection Regulation (GDPR) and the revision of the Swiss Data Protection Act (DSG).
More responsibility for companies
With the EU GDPR coming into force on 25 May 2018 and the ongoing revision of the Swiss FADP, companies are being held more accountable. New requirements include extended information obligations, expanded rights for data subjects and high penalties for violations – up to € 17 million or 4% of global annual turnover.
Practical implementation steps
Companies are required to adapt and document their data protection processes. The speakers made the following recommendations in particular:
- Creation of a processing directory,
- Review of consent and information processes,
- Adaptation of contracts and data protection declarations,
- Training of employees,
- Implementation of a process for reporting data protection violations.
A key success factor is a risk-based approach: data protection compliance must become a management issue.
Conclusion
The new data protection law requires not only legal but also organisational adjustments. Those who act in good time can use data protection as a factor in building trust and competitiveness.
The presentation for the event can be viewed here.
