As a self-employed person or SME in Switzerland, you must implement the following 12 measures to meet the requirements of the revised Data Protection Act (nFADP), which enters into force on September 1, 2023.
Here is an overview of the 12 most important points:
- Check your privacy policy and expand it if necessary
- Create guidelines for data processing within the company (or amend them)
- Create a data processing directory
- Draw up a process for a quick response to queries from affected persons – for example requests for information or the deletion of data
- Introduce a reporting process for breaches of data security
- Define a process for data protection impact assessments for cases where the data processing entails a high risk for the affected persons
- Analyze contracts with subcontractors regarding data security and add corresponding clauses, so-called data processing agreements (especially with regard to reporting any breaches of the Data Protection Act)
- Ensure that all personal data is deleted or anonymized as soon as it is no longer needed
- Find out which countries data is transmitted to
- Guarantee data security through appropriate technical and organizational measures
- Ensure data portability and the transfer of the data in a standard electronic format
- Review whether you need a data protection advisor