Cookies and third-party cookies are activated on this page in order to offer you the best possible service and to provide information and offers. By using the Internet pages of Helvetia, you declare your agreement and consent to data processing by Helvetia. Further information - including how to deactivate cookies - can be found in the Privacy Policy.

  • I am interested in
    Please check your internet connection
    No results found
    Please get in contact with us. To contact form
Expert tips
Liability & law
Corporate customers

EU data protection: New duties for Swiss SMEs

The new European General Data Protection Regulation comes into force at the end of May. These directives may also affect Swiss companies. What does their introduction mean for SMEs and how can they protect themselves against unintentional data protection infringements resulting from hacker attacks?

17 March 2018, author: Jan Kleiner, photo: Hetzmannseder/Jan Kleiner

The European General Data Protection Regulation (GDPR) tightens up the legislation in the field of data protection throughout the EU. It includes a large number of new obligations. Not only are EU companies affected, but those in Switzerland too.

Swiss SMEs affected

The Regulation can also apply to data processing which is carried out outside the EU – including in Switzerland. A company is affected if it offers goods or services to individuals in the EU, or if the behaviour of individuals inside the EU is observed. For that reason these directives can also have legal consequences for companies based in Switzerland.

Intensified sanctions

The Regulation provides for numerous new documentation and certification obligations. Companies may now also be obliged to employ a data protection officer. The rights of the affected private individuals are being extended and various organisational, technical or administrative obligations are now also being introduced. If the data protection regulations are infringed, harsher sanctions will be applied. In the worst case, companies face a fine amounting to EUR 40 million or 4% of global annual turnover.

New obligations in the event of a hacker attack

In the event of a data security infringement, in particular a hacker attack, companies will have to fulfil new obligations. They will have to respond quickly and report to the responsible data protection authority, if possible within 72 hours Depending on the circumstances, any affected individuals, for example whose data has been stolen, will have to be informed immediately.

Well protected with cyber insurance

Particularly in such cases, Helvetia provides support with cyber insurance quickly and with no complications: IT experts are engaged to assist a company, for example in the area of IT forensics, for instance with the frequently difficult task of discovering the extent to which data have been misappropriated External legal advisors clarify whether and to what extent it is necessary to report to the authorities and/or the affected parties. In view of the short response times and as a result of the impending fines, Helvetia's cyber insurance can provide protection against high follow-up costs and provide fast, efficient and targeted assistance in the event of a claim.

Helvetia cyber insurance

Jan Kleiner

Jan Kleiner works as a solicitor in Zurich. He is a specialist in such questions as data protection. As part of the Helvetia network, he also advises Helvetia's cyber insurance customers.

Recommend this page
Please check your internet connection