Interview with Adrian Lobsiger, Federal Data Protection and Information Commissioner

Adrian Lobsiger, the Federal Data Protection and Information Commissioner (FDPIC), puts the changes in the new data protection law, which will come into force on 1.9.2023, into context and talks about where there is still a need for action and which changes are likely to be the most talked about.

Netzwoche conducted an interview with him (German).

EU: Meta fined a hefty EUR 1.2 billion

This fine is a clear sign. The Irish data protection authority has fined tech giant Meta 1.2 billion euros for violating EU rules for years when transferring data to the US. Never before has a violation of the General Data Protection Regulation (GDPR) cost a company so much.

Facebook has been transferring data to the USA for over ten years without complying with EU regulations. Nevertheless, those responsible in the USA will understand the signal. Europe is serious about data protection. With the GDPR, the EU also has an instrument to punish violations in a way that hurts even the big players in the industry.

The US will now finally have to think about how it handles data. The cleanest solution would be for Joe Biden’s administration to change US laws to give Europeans the same rights as US citizens. Their data may only be spied on if a judge orders it. So far, the US has not been willing to do this.

However, it is not without a certain irony that Europe’s big moment comes from the initiative of a private individual. Austrian activist Max Schrems got the fine rolling with his complaints, just as he had previously brought down transatlantic arrangements for data transfers with lawsuits. Before European politicians display complacency on this day, they should ask themselves whether they have taken the admittedly unwieldy issue of data protection seriously enough. It is time to do so.

Fine framework for DSG violations significantly expanded

In the new DPA, the fine limit was increased to CHF 250’000 and the punishable offences were significantly expanded.
In contrast to the EU GDPR, whose fines are directed at companies, fines can only be imposed on natural persons under the DPA.

Your employees who process personal customer data, for example, are permanently at risk of being fined due to “processing errors”.

Have you introduced an internal data protection knowledge management system in your company, so that your employees are comprehensively informed about

– the provisions of the Data Protection Act,
– their special requirements and
– the effects on their work activities?

A data protection knowledge management system and training systems for self-study are of great benefit.

Contact us, because ignorance does not protect you from fines.

Swiss companies are most at risk from cyber attacks

For the second year in a row, the current Allianz Risk Barometer shows that Swiss companies feel most at risk from cyber incidents, such as IT failures, ransomware attacks or data breaches. For your company, the question is not “if” it will be attacked, but “when”, by what means this will happen and how severe […]

The use of personal data in test and development systems is not permitted.

For pragmatic reasons, software developed in companies is often tested with a copy of the data from the production system.
However, this violates the Data Protection Act: the use of this data for testing purposes is not permitted.

By using synthesized or anonymized data in conjunction with comprehensive technical and organizational measures, the DSG requirements can be implemented.
However, these protective measures often do not exist in test systems.

What data is used for testing in your company?

Reconcile data protection and systematic testing.

Data of 1.5 million WhatsApp users from Switzerland stolen

After around 550 million WhatsApp user records were stolen and offered on the darknet, the FDPIC reports that 1.5 million users from Switzerland are affected by this data theft.

Currently, users are warned not to reply to chat messages from unknown senders or to click on links.
Special care should be taken when transferring money.

  • Is your customer data fully protected against unauthorized access?
  • Do you have your data protection processes under control?

If you have any doubts, we can work with you to answer these questions.

225 million euros fine for WhatsApp

Messenger service WhatsApp must pay a fine of 225 million euros in Ireland, the Irish data protection authority DPC has ruled. The authority is responsible for WhatsApp because its parent company Facebook has its European headquarters in Dublin. Investigations had shown that WhatsApp had violated European data protection guidelines, writes the DPC. The authority accuses WhatsApp of lacking transparency – among other things, about which data would be passed on to other Facebook companies. WhatsApp said it did not agree with the DPC’s decision. The group wants to appeal against it. (swisstxt)

Proceedings opened against the operator of the platform for a digital vaccination register

Three Years of the EU Data Protection Regulation: “As an entrepreneur, it feels like you always have one foot in prison”.

NZZ, 25 May 2021 The EU law has an indirect impact on Switzerland because it applies to all companies that sell products and services to the EU. The EU has given data protection authorities a powerful tool of enforcement – in particular the possibility of fines, and at a level that hurts even the big […]