The new data protection law in Switzerland (RevDSG)

3/11/2023

Data Privacy
Information Security
Best Practice

>

The new data protection law in Switzerland (RevDSG)

The Swiss Data Protection Act (RevDSG) aims to strengthen the protection of privacy and the rights of individuals when handling their data. At a time when data is considered the new gold, such regulations are more important than ever.

The need for RevDSG in the modern digital landscape

Progressive digitization and the increase in online transactions require improved data protection. Data breaches, cyber attacks and improper handling of personal data have shown that an updated data protection law is urgently needed in Switzerland.

Key features and new features of RevDSG

The RevDSG brings many new features:

  • Active consent:
    Companies may only collect and use data with the express consent of the person concerned.
  • Data protection impact assessment:
    Such an assessment must be carried out for processes that could pose a high risk to the rights of data subjects.
  • Right to be forgotten:
    Data subjects have the right to request companies to delete their data.

Differences with the European GDPR/GDPR

Although the RevDSG and the European GDPR/GDPR share many similarities, there are also differences:

  • Geographical scope:
    While GDPR/GDPR applies across the EU, RevDSG applies specifically to Switzerland.
  • Regulators:
    The RevDSG is regulated by Swiss authorities, GDPR/GDPR by European authorities.
  • Specific exceptions:
    Some industry-specific regulations may vary in RevDSG and DSGVO/GDPR.

Significant changes for companies as a result of the RevDSG

The RevDSG results in significant changes for companies in Switzerland that require profound adjustments to their data protection practices:

  1. Transparency in data processing:
    The new law underlines the importance of transparency in data processing. Organizations need to make it clear not only what data they collect, but also why they're collecting it, how it's being used, and how long it's being kept. This means that all data processing processes must be reconsidered and possibly adjusted to ensure complete clarity for those affected.
  2. Advanced security measures:
    The RevDSG requires companies to take technical and organizational measures to ensure the security of the data they process. This may include the use of encrypted data transfers, regular security checks, and security training for employees.
  3. Reporting obligation in case of data breaches:
    Should a data protection breach occur, for example as a result of a hacker attack or an internal error, companies are now required to report such incidents immediately to the competent authorities and, under certain circumstances, also to the persons concerned. This requires companies to have robust internal processes and communication strategies in order to be able to respond efficiently to such incidents.
  4. Documentation and accountability requirements:
    One of the most significant changes to the RevDSG is the obligation for companies to document their data processing activities. This means that they must not only be able to describe their data processing practices, but must also be able to demonstrate that these practices comply with the law. This requires comprehensive internal documentation and regular reviews.
  5. Extended rights for data subjects:
    The RevDSG strengthens individuals' rights with regard to their data. This includes the right to access your data, the right to correct incorrect data and the new right to be forgotten. Companies must ensure that they have the infrastructure and processes in place to process such requests within a reasonable period of time.

Docusnap: An effective tool for implementing RevDSG

The leading IT documentation software Docusnap supports companies in the practical implementation of RevDSG. The software visualizes data streams and helps with monitoring and documentation, which is particularly advantageous when it comes to the strict requirements of the RevDSG.

Integrating Docusnap into business processes

Introducing Docusnap into a company is a step-by-step process. First, the existing data landscape is analyzed, then necessary changes are made and, finally, continuous monitoring is implemented.
If you would like to test Docusnap yourself, we offer you the software solution free of charge for 30 days.

Concluding remarks and outlook

The RevDSG ensures that Switzerland is at the forefront of data protection. However, with the right tools, such as Docusnap, companies can overcome the challenges and be successful in the digital era.

faqs

  1. How can companies ensure that they comply with RevDSG?
    Through regular training, reviews and the use of specialized software such as Docusnap.
  2. Why is RevDSG stricter than its predecessor?
    Due to rapid digitization and the associated risks, a stricter law was needed.
  3. What happens if a company violates the RevDSG?
    Heavy fines may be imposed, depending on the seriousness of the infringement.
  4. How does RevDSG differ from other international data protection laws?
    Each country has its own laws, but the RevDSG was developed to meet modern requirements and international standards.