By decision of 31 August 2022, the Swiss Federal Council established the date of entry into force of the new, completely overhauled Federal Data Protection Act and the implementing provisions included in the new Ordinances on data protection (OPDo) and data protection certifications (OCPD) as 1 September 2023. This relatively long timeframe should be sufficient for the economic players concerned to calmly take the measures needed to comply with these new provisions.
This arsenal of new standards is the outcome of a process to overhaul the Swiss legal data protection system that was launched by the Swiss Parliament on 25 September 2020 and then shunted around for consultations, adaptations and revisions. It essentially enshrines the strengthening of data protection, with improved transparency of data processing and stronger self-determination of data subjects, and allows Switzerland to ratify the Council of Europe Data Protection Convention CETS 108.
The revision of the Data Protection Act brings about the following changes:
- General improvement in transparency, by reinforcing the obligation of economic players to provide active information on their data processing and establishing data subjects’ rights of access, delivery or transmission of their data;
- Strengthening of the supervisory skills and independence of the FDPIC;
- Tightening of criminal provisions, with a maximum fine of CHF 250,000.00;
- Obligation to carry out an impact analysis upstream of the data processing, with regard to the risks for the data subject’s personality and fundamental rights; and
- Enhancing data security and notification of data security breaches.
It should be noted that the economic players concerned will also be encouraged to self-regulate, through “soft law” standards such as codes of conduct or directives.
Author: SwisNot, Berne