Also Swiss companies are affected.
The new regulation has a broadened applicability and it applies regardless of where data controllers and processors are.
All entities that offer services or products to persons located in the European Union or collect their data for any purpose are concerned.
The GDPR enforces more stringent data subjects rights and organization’s obligations.
This ranges from the obligation of clearly informing and obtaining agreement to the right of receiving a copy and deleting the data.
To achieve the objective the European Union has significantly increased the fines.
A data breach can be now fined with up to 4% of global turnover or 20 millions euro, whichever of both is highest.
The new regulation is going to set a new standard for data protection rules around the world.
This applies also to Switzerland2 and The Swiss Data Protection Act is indeed under review with the same objectives.
With the new regulation all organizations managing data of subjects in the European Union need to develop a clear roadmap.
The GDPR is an evolution of the existing regulations, not a revolution.
This implies that the very first step is to assess what the organization has and where the gaps are. This will then allow the development of a solid action plan.
As new data is collected, the process must be repeated, hence it must be conceived as a continuous activity, where monitoring will play an important role.
The data owners, your clients and employees, will trust the process, because your organization will master the needed data controls and processing, and this trust will reinforce your relationships.
3 The GDPR applies from 25 May 2018.