17 March 2018, author: Jan Kleiner, photo: Hetzmannseder/Jan Kleiner
The European General Data Protection Regulation (GDPR) tightens up the legislation in the field of data protection throughout the EU. It includes a large number of new obligations. Not only are EU companies affected, but those in Switzerland too.
The Regulation can also apply to data processing which is carried out outside the EU – including in Switzerland. A company is affected if it offers goods or services to individuals in the EU, or if it observes the behaviour of individuals inside the EU. For that reason, these directives can also have legal consequences for companies based in Switzerland.
The Regulation provides for numerous new documentation and certification obligations. Companies may now also be obliged to employ a data protection officer. The rights of the affected private individuals are being extended and various organisational, technical or administrative obligations are now also being introduced. If the data protection regulations are infringed, harsher sanctions will be applied. In the worst case, companies face a fine amounting to EUR 40 million or 4% of global annual turnover.
In the event of a data security infringement, in particular a hacker attack, companies will have to fulfil new obligations. They will have to respond quickly and report to the responsible data protection authority, if possible within 72 hours. Depending on the circumstances, any affected individuals, for example those whose data has been stolen, will have to be informed immediately.