The new Federal Act on Data Protection (nFADP) comes into force on September 1, 2023, more than 5 years after its European counterpart, the RGPD. This new regulation comes with challenges and opportunities for Swiss companies.
Many Swiss companies are not ready for this nFADP, especially those that do not have any activity outside Switzerland. However, its application implies important changes that should be anticipated:
While the marketing and sales professions appear to be on the front line, handling the largest volumes of personal data for prospects and customers, human resources are also affected by employee data. Beyond compliance, data is a major challenge for companies and an opportunity to be seized to differentiate themselves. It allows companies to develop new uses, to be more agile in managing their activities and performance. By mastering the entire chain, from data collection to data enhancement, companies have an opportunity to create value.
What is the risk of not being compliant with the nFADP?
The financial penalty remains relatively low (250,000 francs) compared to its European counterpart the RGPD (up to 20 million euros or 4% of the company’s annual turnover). But the most obvious risk is reputational, with complaints and sanctions likely to be publicized and to seriously damage the image of the company.
The 5 years of history of the RGPD have clearly shown a rise in complaints and sanctions, as consumers have become aware of the issues related to the use of their personal data. An example illustrates this well: when the RGPD was implemented in May 2018, large European companies received very few requests for erasure (right to be forgotten), manual processing was then sufficient. A few years later, it was necessary to automate these treatments to meet the deadlines imposed by the law.
Colombus Consulting, in association with Brandit, has developed a white paper that deciphers the essential points to consider in order to turn data into a competitive advantage and respect the conditions of the revised DPA. Jean Meneveau, Associate Director of Colombus Consulting and co-author of this white paper, is at your disposal for any clarification and if you wish to have an insight on this new regulation.