The European General Data Protection Regulation (GDPR) strengthens consumer rights and imposes new obligations on businesses, including those in Switzerland. Swiss companies must adapt their governance to comply with the stringent rules of the GDPR, which applies not only to businesses in the EU but also to those processing data of EU residents.

Consumer rights are enhanced, with the ability to access their data, request corrections, or have their data erased, as well as being informed of any data breaches. Companies must adhere to these new requirements or face fines of up to 4% of their global turnover.

Key obligations include appointing a Data Protection Officer (DPO), notifying data breaches within 72 hours, and integrating data protection from the design phase (privacy-by-design). Additionally, companies are held accountable for their partners and subcontractors. They must also demonstrate that they are taking necessary measures to secure data.

As the GDPR's implementation date approaches, many Swiss businesses are still unaware of the adjustments needed. A survey reveals that many are not yet prepared and have not fully grasped the extent of the changes.

In parallel, Switzerland is revising its own Data Protection Act (DPA), inspired by the GDPR. While there are some differences, particularly regarding penalties, the revision strengthens individual rights and business obligations regarding data transparency and security.

Companies must now integrate personal data management into their corporate culture. This can represent an opportunity to rebuild consumer trust, as a study shows that many Swiss consumers are concerned about data security and hesitant to share their data.

In summary, while the GDPR imposes significant challenges, it also offers businesses an opportunity to reaffirm their commitment to data protection, fostering stronger relationships of trust with their customers.

Source: ICTjournal