On 25 May 2016 the EU General Data Protection Regulation (GDPR) entered into force. Once the 2-year transposition period has elapsed, it will become directly applicable on 25 May 2018.
The new EU data protection legislation introduces substantial changes for companies dealing with personal data. Among the key changes are the new requirements on transparency, on proportionality and on documentation when processing personal data. These are significant challenges for companies. In addition, the new legislation substantially improves the rights of the individuals concerned, the data subjects. Thanks to the GDPR, they now have clear-cut rights with regard to companies processing their data. The key rights include, inter alia, the right to information, to rectification and deletion of personal data, to restriction of processing and to portability, as well as the right to object to processing. As data controllers, companies have to be able to comply with all these rights.
Besides new duties and compliance obligations for companies, data protection authorities are given new competences and enforcement instruments. Standing out are the new sanctions of up to EUR 20m or 4% of the international annual turnover of the company concerned, whichever is higher.
Swiss companies that are subject to the GDPR (e.g. because they do business in the EU) now have one year to make the necessary adaptations to comply with it. The new requirements must be analyzed, gaps identified, and mitigation actions planned and implemented. It is important to be prepared.
Legal Compliance Leader
+41 58 792 17 12
Michael Adrian Meyer
Legal Services – Senior Manager
+41 58 792 51 31
Partner and Leader Cybersecurity
+41 58 792 75 12
Idir Laurent Khiar
Legal Services – Assistant Manager
+41 58 792 17 51