New European data protection regulations: possible implications for Swiss companies.

The field of application of the new EU data protection regulation, applicable from 25 May 2018, is so wide that many Swiss companies will be affected.

Swiss companies will have to comply with the GDPR if they process personal data of individuals located on EU territory and if the processing activities are linked, alternatively:

• an offer of goods or services to be rendered in favour of these individuals (with or without a final payment);

• the behaviour of these subjects taking place in EU member States (Article 3 paragraph 2 letters a and b GDPR).

To determine whether the activities of an enterprise located outside the EU fall in the field of application of the GDPR, legal advisors have to analyse whether the intention to sell goods or services in the EU is manifest.

Several clues can therefore be studied (for example, the mention on the website of customers located in member countries or of a currency used in the EU).

 In the case of art. 3 par. 2 let. b GDPR, these experts can analyse whether there is a clear will to follow the behaviour of individuals in the European space (for example, by observing the use of profiling techniques or Google analytics).

Particularly the Swiss companies affected by the new European regulation must, as from 25 May 2018, comply with the following obligations:

• Inform and obtain the consent of the person whose data are processed.

• Ensure "Privacy by design" and "Privacy by default".

• Designate a representative in the EU.

• Keep a record of treatment activities.

• Declare cases of data breaches to the supervisory authority.

• Carry out an impact analysis concerning data protection.

• Pay fines in case of violation of the GDPR.

In this context it should also be noted that the Swiss Data Protection Act is being revised. Companies that have already adapted to the GDPR should save time in implementing the Swiss version when it is ready.

Our  Firm is available to answer to your requests.