News Update: The parliamentary debate regarding the total revision of the Swiss Federal Act on Data Protection has been postponed until the 2019 summer session.
Parliament has again slowed down the revision of the Swiss Federal Act on Data Protection (FADP). In June last year, it was announced that the bill would be debated in the 2018 winter session. It has now been communicated that the processing of the bill will be further delayed and will probably not be dealt with in the National Council until the 2019 summer session.
The decisive factor for the delay was the decision of Parliament in September 2018 to divide the revision into two stages, in order to be able to fulfil the obligations arising from the Schengen Agreement promptly and without experiencing time pressure for the total revision of the FADP.
The first phase therefore dealt with the requirements of the EU Directive 2016/680, which Switzerland had to implement within a certain period as part of its Schengen obligations, in order to ensure the continued free exchange of data between Switzerland and the EU. Parliament adopted the bill in January 2019, which entered into force on 1 March 2019.
The second phase deals with the total revision of the FADP, which aims to update data protection in line with the technological developments over the last 20 years. This is of particular importance for Swiss companies, as these adjustments will define the future protection of data relating to natural persons. With the delayed handling of the proposal in the summer session, the date of entry into force of the revised FADP is presumably being further postponed.
Importance for Swiss companies
Some Swiss companies see this delay as an opportunity to take forward-looking measures to comply with the upcoming legislation. Many focus on data records management, whereby companies take a holistic view of their data landscape and explore it from different angles. Data is analysed from both a business (process-based) and an IT (application-based) viewpoint. These two perspectives allow a consolidated statement about where personal data is transferred to within and outside the company. This insight serves as a basis for the implementation of the principle of data minimisation regarding the processing of personal data.