Data protection
Revision of the law on data protection
The new Federal Act on Data Protection (nFADP) will come into force on September 1, 2023.
In the digital age, data security is a major concern for the Swiss business community. As society and technology have evolved considerably over the last 30 years, the Swiss Federal Data Protection Act (DPA) as established in 1993 is no longer sufficient to protect individuals effectively.
The revision of the DPA initiated by the Federal Council will enable the law to be brought into line not only with current social and technological conditions, but also with EU data protection legislation.
What’s changing ?
The changes introduced by the new law are listed in the official document on the Federal Data Protection Act.
When will this be introduced ?
The new Federal Data Protection Act will come into force on September 1, 2023, along with the new Data Protection Ordinance (DPO) and the new Data Protection Certification Ordinance (DPCO).
What are the objectives ?
Faced with an increasing number of cyber attacks, the Federal Council wants to strengthen digital security and make companies more responsible when it comes to data processing.
The new Federal Data Protection Act aims to protect the rights of individuals and guarantee transparency when their personal data is processed by private or public organisations. It sets out a regulatory framework for the way in which data is collected and processed and determines how individuals can control the way in which their data is processed.
Who is affected ?
Any organisation that handles personal data, particularly businesses, must now ensure that they comply with the new Federal Data Protection Act.
What are the risks ?
The criminal consequences of breaking the law are far more severe than before. The person responsible for processing the data (and not their company) risks a fine of up to CHF 250.-.
How do you go about it?
To ensure that you are compliant with the new law, take stock of the personal data you process, the data processing carried out, the data life cycle, the people who have access to this data, the media on which the data is stored and the cybersecurity measures put in place in your company.
Next, set a framework for personal data management, ensuring that you follow the nLPD guidelines. Define procedures and accredited persons, define the safety measures to be implemented, etc.
Bonds
Inform the person concerned
Companies are obliged to report the collection and processing of personal data. Information must be made available, via general terms and conditions for example, so that data subjects are able to exercise their rights under data protection law.
Obtaining consent
For the processing of sensitive data, the data subject must give his/her consent to the processing of his/her data.
Report a violation
A data security breach must be reported immediately to the Federal Data Protection and Information Commissioner (FDPIC). The FDPIC may require that those affected by the security breach also be informed.
Keeping a register
Companies with 250+ employees must keep a register of all data processing carried out. Companies with fewer than 250 employees are exempt, unless they process sensitive data on a large scale.
Ensuring data security
Companies processing personal data are required to put in place appropriate measures to meet data processing requirements, at both technological and organizational levels.
Respecting protection principles
Companies handling personal data are required to process data in accordance with the principles of Swiss data protection law (lawfulness, good faith, proportionality, transparency, accuracy, purpose and security).
Customer information
In accordance with data management practices, MCA Concept is required to retain data stored on its servers for a period of 10 years. To be on the safe side, we prefer to keep the data for an additional year to the recommended period(11 years).
To free up server space and comply with the new Data Protection Act (nLPD), MCA Concept offers several solutions for recovering or destroying data stored for more than 11 years.
Note: to avoid having to repeat this major operation every year, the extension of the minimum 10-year retention period may be extended by a further year in the future.
Download the document below to inform us of your decision regarding the recovery/destruction of your data.
To summarize
The revision of the Data Protection Act (nLPD) at Switzerland is a crucial step for all companies and organizations that process personal data.
When the new law comes into force on September 1, 2023, data data management becomes even more essential.
Companies must ensure that they comply with new obligations and requirements, such as theobligation to inform data subjects, d’obtain their consent, d’notify security breachesto keep a register of data processingand much more.
This legal change aims to strengthen digital security and guarantee transparency in the processing of personal data.
To ensure proper management of their data and respect the principles of data protection principlescompanies can rely on data management and and IT securitysolutions, such as software and services offered by providers such as MCA Concept.
It is essential to take proactive measures to comply with the nLPD and avoid the risks associated with it. risks risks associated with data breaches.
For any company or organization looking to set up a effective data management and to comply with the new law, it is advisable to consult experts in data management and find appropriate software solutions to guarantee data compliance and security.
ERP software, CRM, management software, commercial management, accounting, inventory, SME, cloud, business management, planning, ERP, SaaS, information system, software packages, ERP, software, customer relationship, management software, production management, integrated management, relationship management, e-commerce, integrated management software, management solution, ERP solutions, enterprise resource planning, integrator, inventory management, single database, ERP solution, traceability, dashboards, customer relationship management, invoicing, implementation, trade, resource management, Microsoft Dynamics, steering, management software, open source, Oracle, ERP project, uniqueness, accounting management, Dolibarr, management software, ERP software, our solutions, SMEs, automation, configuration, commercial management software, operational, management solutions, small businesses, integrated management software, SaaS mode, Cegid, demo, automate, functional, ERP and CRM, resource planning, scalable, integrated management software, EBP, business intelligence, workflow, modular, company resources, open-source ERP, ergonomics, CRM and ERP, decision-making, software, flexibility, business processes, integrated, medium-sized enterprises, small and medium-sized, multiple modules, Dynamics NAV, business sector, functional scope, agility, NAV, supply chain, project management, consultants, databases, analytics, ERP market, integrated management, human resource management, reporting, functional, procurement management, accounting, various modules, ERP software, Microsoft Dynamics NAV, SaaS ERP, entire process, interfaces, business management software, CIO, centralize, Dynamics AX, management tools, various services, real-time business processes, SAP ERP, functional coverage, decision-making, OpenERP, integrated in the software, independent modules, business processes, software solution, warehouses, project manager, Dolibarr ERP, financial management, management module, management process, WMS, centralized, stock management, supply chain, operational processes, enterprise software, integrated tool, ERP specifications, your business, data entry, cost control, ETI, treasury, software solutions, business software, CRM software, Sage ERP, integrated management software, entries, configurable, flexible, open-source, all services, consulting, integrated into the software, small and medium-sized businesses, workflow, integrated into the software, software modules, small and medium-sized enterprises, project management, MySQL, implementing software, developer, saving time, software implementation, centralization, CRM solution, EDI, business software, licenses, Cegid ERP, user-friendly, number. user base, management modules, lifecycle, responsiveness, ERP consultant, production software, accounting entries, computer applications, sales management, management tool, CRM solutions, new features, integrates a tool, back office, thus allows for management, integrated management software, allowing to manage the whole, specific needs, complete solution, collaborative, payroll, IT infrastructure, functional, accounting, workflow engine, Sage ERP, software publisher, decision support, integrators, automated, integrated into the company, CRM module, flow management, business management software, SAP software, integrated into the software, MRP, SMEs, cost control, integrated management solution, data management, JD Edwards, agri-food, specific developments, dematerialization, business management, subsidiaries, logistics, better management, PrestaShop, specific modules, construction, finance ERP, software company, multiple applications, scalable, notably includes, package, logistics software, personnel management, time-saving, reference, Microsoft Dynamics AX, comprehensive and integrated, terminological dictionary, accounting and financial, terminological dictionary, could be integrated, centralized, commercial activity, competitive, SQL Server, order management.