Introduction

Since 1st September 2023, the new Data Protection Act (DSG) is in force in Switzerland. Here you can learn the most important information about the Data Protection Act, personal data, and how to ensure data protection in your company.

The Data Protection Act contains a range of requirements for companies that process personal data. These include, among others, the obligation to publish a privacy policy, to respect the data protection rights of the affected individuals, and to ensure data security. In the following article, you will learn for whom the new Data Protection Act applies, what personal data is, and what a privacy policy is.

For whom does the Data Protection Act apply?

The new Data Protection Act and its Regulation apply when it comes to the processing of personal data by natural and legal persons including federal authorities. Private individuals who process personal data only for their own use are in principle exempt from complying with the data protection requirements. This exception "for personal use" only applies to the processing of data in the closest personal and family circles (i.e., data of close family members and friends). Public websites, even if they are managed by a private person, do not normally fall into the category “for personal use”. Therefore, private website operators, just like commercial ones, are regularly affected by the new provisions of the Data Protection Act and the Data Protection Regulation.

What does “processing of personal data” mean?

According to the new Data Protection Act, personal data is understood to be all information that relates to a specific or identifiable natural person. These include, for example, name, address, telephone number, date of birth, or an IP address. Processing encompasses any handling of personal data, regardless of the means and procedures applied, in particular storing, disclosing, obtaining, collecting, deleting, saving, changing, destroying, and using personal data. Data protection law does not protect the data itself, but the individuals behind it, whose data is processed.

What is a privacy policy?

A privacy policy is a document. It describes which information the company collects, how this data is processed, and for what purposes it is used. It also explains whether these data are passed on to other individuals, companies, and/or third parties. Additionally, it details the steps the company takes to protect the privacy of its clients and who within the company is responsible for data processing.

Why is a privacy policy needed?

The privacy policy is necessary to ensure transparency. It explains to the visitors of a website which personal data is collected and why it is used. They also show if and which data is passed on to other people. Simplified, visitors must receive enough and easily understandable information about which personal data is collected and what happens with it so that they can decide for themselves whether and how they want to disclose their data. Moreover, users must receive all necessary information to be able to assert their rights. Therefore, the policy should be written with care, accuracy, and in a language that the visitors understand well. If the website is available in multiple languages, the privacy policy should also be in those languages.

When do I need a privacy policy?

A privacy policy is necessary wherever personal data is collected and/or processed. These include in particular:

• Websites

• Newsletter

• Contracts with private individuals

• Marketing campaigns

Conclusion

The revised Data Protection Act strengthens the rights of affected individuals and imposes higher requirements on companies that process personal data. In particular, small and medium-sized enterprises should review their internal processes and documentation according to the new stipulations. Violations may also have criminal consequences for responsible individuals in the future. By acting early, you not only reduce legal risks but also strengthen the trust of your customers.

The creation of a privacy policy can become a time-consuming and complex challenge. For this reason, we have developed a solution that makes the process as simple as possible for you.