Get better privacy compliance in a few steps
by Veronika Altenbach
The new Federal Act on Data Protection (nFADP), which comes into effect on September 1, 2023, poses a number of risks and challenges for companies. To improve privacy compliance, we would like to provide you with some helpful tips. Together with the renowned HES-SO Geneva University of Applied Sciences, whose expertise includes cybersecurity, we offer support in implementing the nFADP. Given the complex challenges we have encountered ourselves, we have decided to present our assistance for SMEs in a visual, process-oriented way.
Beforehand, here are some important aspects to consider:
- You should first determine the purpose and basis for processing personal data. You should only process personal data that is really needed for the business activities.
- It makes sense to create a record of the processing activities (cf. nFADP Art. 12). This is an inventory of your processing activities along with the personal data processed. Creating this record greatly helps you on your way to privacy compliance.
- Inform your customers and employees about the collection of personal data and give them the option to consent to or refuse the use of this data.
- Establish processes that allow people («data subjects») to exercise their data rights (cf. nFADP chapter 4). This includes the right to consult the data you hold about them and the right to request its deletion.
- To protect personal data, you must implement technical and organizational measures (TOM), such as developing and enforcing rules for access security, as well as regular employee training.
- Review your contracts with third parties – particularly with «processors», the contractors to whom you transfer data – and ensure that these parties guarantee data security.
- Document your processes, measures, and checklists.
We will be happy to provide you with recommendations for action that you can apply to improve privacy compliance and organize your company processes accordingly.