What it’s all about: the data protection of the future
Digitization not only increases data volumes, but also the technological possibilities for analysing and processing existing data using Big Data, machine learning and artificial intelligence. The new Swiss Federal Act on Data Protection, which was adopted by the Swiss Parliament in autumn 2020, takes account of these developments. It replaces a law that dates back to 1992 — a time when the internet was still in its infancy. “The new Federal Act on Data Protection now applies wherever personal data is processed. For banks, whose business is data-driven and IT-managed, it will have an impact in many areas,” explains Jürg Frei, head of the framework project on data protection at PostFinance. Key elements of the new data protection legislation include:
- The new Federal Act on Data Protection exclusively covers the protection of natural persons, bringing it into line with relevant international standards.
- The obligation to provide information with regard to data subjects is being made much more comprehensive and includes the minimum information required.
- Additional personal data, such as genetic and biometric data with which a person can be uniquely identified, is considered particularly sensitive
- Companies with 250 or more employees are obliged to keep a record of their processing activities.
- Processing of personal data must be planned and implemented in such a way that it can be carried out in compliance with data protection regulations from the outset (privacy by design).
- There is now a right to data portability: individuals can request the release of their personal data in a common electronic format.
- Clear sanctions are set out which stipulate the individual criminal liability of the responsible persons. It is assumed that it is primarily the management bodies, such as members of the Board of Directors or the Executive Board, that could be affected by this, and possibly also the data protection officer in the case of improper action.