Data Protection Insights

Personal Data

Personal data refers to information that relates to an identified or identifiable natural person. This includes, for example, names, addresses, birthdates, contact details, financial information, and other data that enables the identification of an individual.

Processing of Personal Data 

The processing of personal data encompasses any action related to personal data, such as collecting, storing, using, transmitting, deleting, or destroying data.

Consent

Consent is the voluntary, informed, and unambiguous agreement of an individual to the processing of their personal data. Under the new Data Protection Law, consent must meet certain requirements to be considered valid and lawful.

Data Subject

A data subject is the natural person to whom personal data relates. The data subject has specific rights under the Data Protection Law, including the right to access, rectify, erase, and object to the processing of their data.

Data Protection Advisor (DPA)

The Data Protection Advisor is an expert consultant who provides guidance on data protection matters within an organization. They assess compliance, conduct privacy impact assessments, assist with policy development, provide training, and offer advice on data breach response. The DPA plays a vital role in ensuring compliance with data protection regulations and protecting individuals' privacy rights. Unlike under the General Data Protection Regulation (GDPR), a Data Protection Officer (DPO), is a designated position mandated by law. The DPA under the revFADP serves as a consultant or external advisor.

Data Protection Impact Assessment (DPIA)

A data protection impact assessment is a systematic assessment of the potential impacts of a planned data processing activity on the protection of personal data. It aims to identify risks and take appropriate measures to protect the data subjects' privacy rights.

Cross-Border Data Transfer

The transfer of personal data to a country outside of Switzerland constitutes an international data transfer. The new Data Protection Law includes provisions for the transfer of personal data to third countries and international organizations to ensure that appropriate safeguards are in place.

Data Breach

A data breach occurs when personal data is accidentally or unlawfully processed, destroyed, lost, altered, or disclosed. The new Data Protection Law includes provisions for reporting data breaches and notifying affected individuals.

Sanctions

The new Data Protection Law introduces sanctions for non-compliance with its provisions. These may include fines, warnings, temporary or permanent restrictions on data processing, and other measures to ensure compliance with the Data Protection Law.

Digital Services Act (DSA)

The Digital Services Act is a proposed regulatory framework by the European Union (EU) that aims to establish clear rules and responsibilities for online platforms. It enhances obligations for platforms to prevent the dissemination of illegal content, ensures transparency in terms of terms and conditions, content moderation policies, and algorithms, strengthens user rights, and facilitates cooperation with authorities. The DSA aims to create a safe and transparent digital environment while promoting innovation and competitiveness in the digital market.