There are 17 days to go before the new EU General Data Protection Regulation ("GDPR") comes into effect on May 25, 2018. Yet many businesses have not been brought up to speed on the implementation of the GDPR, and many Swiss businesses seem unaware that they are also affected by this new piece of European legislation, for instance where personal data is processed by a European subsidiary of a Swiss company, where personal data is processed for a Swiss company by a subcontractor based in the EU, or where personal data is processed by a Swiss company regarding data subjects who are domiciled in the EU.
The rights of data subjects are enhanced and the principle of accountability is at the centre of the new rules, meaning that the data processor is obliged to demonstrate its compliance with the GDPR provisions at all times.
Updating privacy policies and general terms and conditions is essential but does not suffice in itself. For instance, businesses need to conduct risk assessments to demonstrate compliance with the new rules set forth by the GDPR. Businesses also need to implement internal processes and control mechanisms to guarantee fulfilment of their obligations throughout the data processing.
Failure to comply with the GDPR can lead to a fine of up to EUR 20 million or up to 4% of the company’s annual global income.
All queries should be addressed to Mr Sébastien Collart at sebastien.collart@100rhoneavocats.ch
