What it’s all about: the data protection of the future
Digitization not only increases data volumes, but also the technological possibilities for analysing and processing existing data using Big Data, machine learning and artificial intelligence. The new Swiss Federal Act on Data Protection, which was adopted by the Swiss Parliament in autumn 2020, takes account of these developments. It replaces a law that dates back to 1992 — a time when the internet was still in its infancy. “The new Federal Act on Data Protection now applies wherever personal data is processed. For banks, whose business is data-driven and IT-managed, it will have an impact in many areas,” explains Jürg Frei, head of the framework project on data protection at PostFinance. Key elements of the new data protection legislation include:
- Only data of natural persons will be protected
- The obligation to provide information to data subjects will be more comprehensive
- Additional data, such as genetic and biometric data with which a person can be uniquely identified, is considered particularly worthy of protection
- Companies with 250 or more employees are obliged to keep records of their data processing
- Data processing must be planned and implemented to ensure data protection regulations are complied with (Privacy by Design)
- There is now a right to data portability: any person can demand the release of their personal data in a standard electronic format
- Clear sanctions are defined