Data Protection Act – An Overview

On 25 May 2018, the new Basic Data Protection Regulation (DSGVO) for Europe entered into force. We at Cleverclip also had to react to it. But what exactly is it all about? Who is affected? And what does this change? Find out more in this blog.

Digitalization brings with it many changes and countless opportunities. But personal data is becoming more and more important and the risk of identity theft is increasing. The aim of the new regulation is the informational self-determination of personal data. But it also aims to protect the rights and privacy of EU citizens.

Who is affected by the new Data Protection Act?

First of all, we would like to clarify what data is at stake. Namely names, addresses, telephone numbers but also pictures. In short: all personal data. Swiss companies must comply with the DSGVO when processing data from persons located in the EU. This is the case when the processing serves either to offer the persons goods or services or to track the behaviour of these persons – if this happens in the EU Member States. This can be done, for example, through web analysis tools.

What will be changed by the new Data Protection Act?

There must be a legitimate interest in the processing of personal data and the data subjects must have consented to this. In addition, the principle of transparency applies – companies must disclose what the data is used for. Personal data must be deleted as soon as they are no longer needed. Companies must draw up a list of processing activities and report data protection violations within 72 hours. In addition, a data protection impact assessment must be carried out and a representative must be appointed in the EU.

The terms Privacy by Design and Privacy by Default are also anchored in the DSGVO. Firstly, this means that the protection of personal data is achieved by taking technical and organisational measures at an early stage. And secondly, that users who are less technical are protected.

For companies, however, the new ordinance also means that their own data salad can be untangled. And clean data management can prevent hacker attacks – protection against personal data becomes part of risk management.

What happens if you ignore it?

It is not only enormous damage to the company’s image that can be a serious consequence if the new regulation is not observed. The financial consequences can be fatal for a company. The fine that can be imposed in the event of a breach of data protection can amount to up to 4% of the total turnover of the previous financial year.

Swiss companies that adapt to the DSGVO will soon have a considerable advantage. A new federal law on data protection is currently being drafted, which should largely comply with the requirements of the DSGVO. Thus, those companies that have now adapted to the new regulation will be ready for the new revision.