New Federal Act on Data Protection Strengthens Rights

One objective of the total revision of the Data Protection Act was to raise the level of data protection to that of the European Union. In addition, the law was improved by creating more transparency in the processing of personal data and expanding the rights of data subjects.

We explain the most important innovations and what advantages they bring for you.

Stricter Provisions for the Processing of Data

Various extensions in the new Data Protection Act ensure that your data is even better protected:

• Personal data may only be processed for a specific purpose that is recognizable to the person concerned. Employees Switzerland, for example, processes data in order to be able to make you, as a member, customized offers.
• Data on ethnic origin as well as genetic or biometric data are now also considered to be particularly worthy of protection. This means that, for example, facial or voice recordings of you are better protected.
• Anyone who wants to obtain and process data from you must inform you about this in a precise, transparent and comprehensible manner. This can be done, for example, by means of a data protection declaration, as published by Employees Switzerland on its website (see link at the end of this article).
• Personal data must be destroyed or anonymized as soon as it is no longer required for the purpose of processing.
• Every person who processes data must make sure that it is correct. Incorrect data must be corrected or deleted.
• Technical aids must be designed in such a way that they comply with the principles of the Data Protection Act. Software, for example, must be programmed in such a way that data is deleted or anonymized at regular intervals.
• Technical aids must be set up in such a way that only as little data is processed as is necessary for the intended purpose.
• Persons in charge and commissioned processors must take technical and organizational measures to ensure adequate protection against unauthorized processing.
• Anyone who processes personal data must not violate the personality of the persons concerned. This would be the case, for example, if personal data were processed contrary to the person's express declaration of intent or if particularly sensitive personal data were disclosed to third parties.

Right to Information and Surrender of Data

Thanks to the new Data Protection Act, you have better control over your data. This is due to the following two rights:

• The right of access allows you to obtain information about how the data concerning you is processed. For example, you can find out the purposes for which your data is processed or where it is passed on.
• The right to data output and transfer gives you the opportunity to obtain your data in a common electronic format or to have it transferred to others. The prerequisite is that the data is processed automatically. The right to data output, which is free of charge to you, allows you to turn your data into money by making it available to providers for a fee.

Infringements Cost up to a Quarter of a Million Francs

There may be exceptions to certain rights. For example, the right to information can be denied if overriding interests such as business secrecy militate against it.

Violations of the new Data Protection Act can now result in fines of up to 250,000 Swiss francs. In addition to moral reasons, this is another reason to handle personal data with care.