New European data protection rules and revision of the Swiss law on data protection

Swiss SMEs are concerned.

At its meeting on 11 January 2018, the Commission of the political institutions of the National Council decided, without opposition, to debate on the draft revision of the Swiss law on data protection.

The revision of the Swiss law on data protection is, among other things, related to the entry into force, on 25 May, of EU’s general data protection regulation (GDPR). This regulation will also apply to companies outside of the EU (see the article of 6 December 2017 (http://economiesuisse.ch).

With its regulation, the EU in fact establishes a new international standard for data protection. This will apply beyond the companies directly under its scope of application. The National Council decided to split the Swiss project in two parts. Urgent changes, due to the Schengen Agreement, will be discussed first. This decision, however, should not make us forget that a total revision of the data protection act is necessary and should be addressed quickly.

Should the Swiss prescriptions be too weak, this would result in additional costs for Swiss SMEs.

It is in the best interest of Swiss SMEs that the Swiss data protection act is consistent with the GDPR. It is in the interest of Switzerland that the EU considers that our country has adequate regulation in this field. If this is not the case, complications should be expected in the day-to-day management of our businesses. Indeed, if Switzerland does not establish a level of data protection sufficient compared to the EU data protection, it would be considered by the EU as a third State with inadequate regulation. The requested data protection involves costs for our businesses, it is certain, but they are unavoidable.

Our European trading partners will be subject to the new provisions and therefore forced to impose them on their clients as well as their suppliers. Practical consequences on a daily basis could be:

• Operational Obstacles: If Swiss regulation is not adequate, European provisions will be contractually imposed on Swiss companies: contract negotiations could become painful and European companies could refuse to do business with Swiss SMEs (e.g. European providers of software and cloud services).
• Technical Obstacles: In the digital economy era, data crosses borders. Obstacles of a technical nature resulting from the level of protection.

This may even affect the village bakery

Apart from the operational overflows of the GDPR which extends to companies which are not directly involved in legal terms, a digitised SME may fall within the legal scope of the GDPR even without realising it. Therefore, it often happens that providers of cloud solutions for our smartphone and e-mail servers are not in Switzerland.

Even just to send a newsletter, often we use services from providers established in the EU. It may happen that the village baker or the operator of a small online store or online services enters the scope of the GDPR.

A guide to prepare small and medium-sized enterprises (SMEs) for the General Data Protection Regulation is available below:

Source: Economie Suisse