By now, all Swiss companies should be aware of the ‘New Federal Act on Data Protection (nFADP)’.On September 1, 2023, the new, stricter data protection law will be enacted in Switzerland.
Swiss companies should therefore review their status quo in terms of data protection as quickly as possible and ensure that the comprehensive data protection requirements are implemented.
These include:
- Reviewing privacy statements. It is important to ensure that they contain sufficient information about the data controller, the purpose of the data processing, third-party recipients of the personal data, and possible transfers to third countries outside Switzerland.
- Implementing the new right to data portability. This right may require technical measures to enable data subjects to receive their personal data in a commonly used file format when such data is processed by automated means and based on consent or in connection with a contract.
- Establishing an internal procedure for reporting data privacy breaches. Data privacy violations should be promptly identified, handled, and, if necessary, reported. In addition, employees should be trained to respond to data privacy violations. Review contracts with data processors. For example, it should be ensured that these contracts explicitly guarantee the security of the personal data processed and include a procedure for dealing with data breaches.
Aside from the required regulatory steps associated with implementation, transparent communication on implementation and compliance plays an essential role in ensuring the continued trust of your target audiences and strengthening the corporate brand.
Internal communication
Good, transparent data privacy communication starts with training your employees. Regular training on data privacy should become an integral part of your internal communications. This helps employees to better understand and comply with the new data privacy regulations. This raises awareness of the importance of data privacy within the company.
Transparent communication channels
Create transparent information channels by ensuring that your employees, customers and business partners know how or who they can contact for any questions about data protection or processing. It is advisable to include the contact details of the responsible person (telephone number, e-mail and contact person) on your website (for example, in the privacy policy). Good visibility of the opt-in/opt-out boxes in the online forms on your website should also be ensured.
External communication
Of course, public relations (PR) also plays a significant role. Use your website, social media or other communication channels, such as your newsletter, to communicate information about your privacy compliance. Communicate information about your privacy practices, efforts to secure personal data, and commitment to privacy.
In your business relationships with other companies that process personal data, ensure they are also privacy compliant. Communicate your data protection and data security requirements and, if necessary, regulate them contractually.
Authors: lexr.com & Rent a PR