What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a general EU regulation that will enter into force on 25. May 2018 and is not aimed directly at individuals but at abstract categories of addressees. The Regulation is designed to regulate the handling and circulation of personal data within the EU. The impetus for the introduction of such a basic regulation was given by the rapid technological progress of recent years and the constantly growing need to regulate the concerns for the protection of personal data within. The GDPR is relevant for Switzerland as soon as a company has clients from EU countries and does business in countries that fall under EU law.
What is “personal data”?
The GDPR defines “personal data” as follows:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
(GDPR, Chapter 1, Art. 4, Definitions)
What must the affected companies do in Switzerland?
Swiss companies affected by the new EU regulation must fulfil the following obligations as of 25 May 2018:
- inform and obtain the consent of the person whose data are being processed
- guarantee “Privacy by design” and “Privacy by default”
- appoint a representative in the EU
- draw up a list of processing activities
- report data protection violations to the supervisory authority
- conduct a data protection impact assessment
- pay fines for violations of the GDPR
If you work with third parties and have cooperation partnerships, you must indicate this on your website and your partners must also agree to the GDPR.
switchplus and GDPR
switchplus adheres to the new basic data protection regulation and ensures where personal data must be transferred to third parties that they also comply with the GDPR.
More information and links on the GDPR (partially in German)
SME Portal: Data protection: new European regulation