Perspectives

GDPR - Consequences for Swiss businesses

Navigating the new privacy landscape

As Switzerland is not a member of the EU or the EEA, the reform of the European data protection law does not have a direct impact on Swiss businesses.

Author: Andreas Knijpenga

However, the reform will still be relevant from a Swiss business perspective as follows:

The new EU data protection regime will be directly relevant for any data processing undertaken by group entities located in the EU and Swiss-based companies, if they conduct business activities within the EU area and have access to personal data from their EU customers, suppliers and EU employed staff.

In this context there are a few significant new requirements, such as (to name only a few):

Data breach notification within 72 hours
Data protection officer requirements
Sanctions of up to 4% of total annual worldwide turnover or up to EUR 20 million
Unambiguous or explicit consent

Secondly, the pending Federal Data Protection ACT (FDPA) revision will be strongly influenced by:

The modernisation of the "Convention ratified by Switzerland for the protection of individuals with regard to automatic processing of personal data" by the Council of Europe
The new GDPR (personal data of individuals)
The new Data Protection Directive for the police and criminal justice sector

Ultimately, all three new European provisions follow the same principles. Although the core principles of the FDPA are expected to remain the same, and only minor adjustments of the current FDPA are required, Swiss law makers may copy large parts of the final GDPR in its revised FDPA to maintain the harmonisation of the economic area.

Independent from the FDPA revision, the new EU data protection regime will be directly relevant for many Swiss-based companies, if they conduct business activities within the EU area and have access to personal data from their EU customers, suppliers and EU employed staff. It will also be key for all Swiss companies to familiarise themselves with the new GDPR and its requirements, to already begin assessing if they are affected by the new rules and to initiate the preparatory work (e.g. review client facing materials to ensure compliance with the new consent and transparency requirements, review and amend contracts with data processors where required) so that all necessary adjustments are made in time to comply with the new data protection requirements in the EU and Switzerland.

Please stayed tuned for further FDPA updates.

For GDPR updates, sign-up to our quarterly Cyber Flash

Contacts

Klaus Julisch

Managing Partner, Risk Advisory

kjulisch@deloitte.ch

+41 58 279 6231

Dr. Klaus Julisch is Managing Partner for Risk Advisory, a member of the Swiss Executive and lead partner of Deloitte's cyber practice in Switzerland. As a member of the European cyber leadership team... More

Florian Widmer

Partner, Risk Advisory

fwwidmer@deloitte.ch

+41 58 279 6910

Florian Widmer is a Partner in Deloitte’s Cyber Risk Services practice in Switzerland and leads the Cyber Vigilant, Cyber Resilient and Data Privacy services. He has over 15 years of experience in hel... More

Audit & Assurance

Consulting

Risk Advisory

Financial Advisory

Legal

Tax

Deloitte Private

Executive & Boardroom Programmes

Sustainability

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Choose your impact

Working at Deloitte

Your career opportunities

Your career at Deloitte

Deloitte Career Stories

Job search

GDPR - Consequences for Swiss businesses

Navigating the new privacy landscape

For GDPR updates, sign-up to our quarterly Cyber Flash

Contacts

Klaus Julisch

Managing Partner, Risk Advisory

Florian Widmer

Partner, Risk Advisory

Recommendations

Brexit creates questions over privacy rules