Fines of up to 250,000 francs are threatened: you should know that about the new data protection law

The urgency of this project is evidenced by the recent cyber attack on the state-affiliated IT company Xplain. As recently became known, sensitive federal data has been made public. Blick explains what you need to know about the new law and what changes for SMEs and private individuals.

The first reason is that the old privacy law dates back to 1992. Since then, smartphones and social media have brought the world closer together. As a result, a huge stream of data enters or leaves Switzerland every day. It is important to make a good backup of this data.

Of course, foreign customers also want to know that their data is safe in Switzerland. As the EU has already introduced stricter data protection laws, Switzerland must now follow suit. “A weak DSG would be devastating for the Swiss economy. It would mean that other countries would no longer be allowed to share their data with Swiss companies,” said Markus Limacher, head of IT security consulting at Infoguard.

In principle, it applies to everyone. However, it is especially important for companies. Because they deal with more or less sensitive customer data on a daily basis. They should be better protected with the new DSG.

The owners of an SME must now ensure that no personal data can be stolen or misused. In principle, every person who runs a website or company has a duty to properly protect their data.

For the first time, the new DSG makes demands on websites, devices and IT systems – provided they collect customer data. And almost everyone does that: as soon as you have to enter your name and address when ordering online, for example, the website collects data.

With the new data protection law, these systems must be programmed from the start so that customer data is secure (“privacy by design”). At the same time, this high level of security should become standard throughout Switzerland (“Privacy by Default”). The requirements for the security of websites, IT programs and devices are therefore increasing.

The purpose of these measures is to ensure that you can surf the Internet without having to worry about your own data. The protection of privacy becomes, as it were, a condition for all companies and websites.

In principle, all personal data must be protected. These are names, addresses or e-mail addresses. Medical data or sensitive information about someone’s religious beliefs, for example, must be particularly protected.

Better protection in this case means, for example, two-factor authentication or multi-level encryption. The requirements change depending on the amount and sensitivity of the data stored.

Unless you manage your own website, nothing will change for you as a private person, except that your privacy will be better protected. If you manage a website or otherwise handle third-party data, you must be able to guarantee its security. IT professionals tell you exactly how to do this.

This is so important because with the tightened DSG, individuals can also be fined up to CHF 250,000 for misconduct! The amount of the fine depends on the degree of negligence and the amount of data that is insufficiently secured or incorrectly processed.

In principle, exactly the same rules apply to SMEs as to private individuals. Anyone who operates a website or handles customer data has an obligation to keep it confidential and to protect it. IT experts can help here too.

Another change is that the Federal Data Protection and Information Commissioner (EDÖB) will be given more powers. If a company handles data improperly, it can now intervene immediately and issue an order to suspend, restrict or prohibit data processing. Depending on the company, this means a cessation of all business activities.

In principle, it is a criminal offense if negligence in the handling of sensitive personal data can be proven. This is the case, for example, when a website is not sufficiently secured or when sensitive data is passed on to third parties without permission.