Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

Similar documents
Outsourcing und Data Protection

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Cybersecurity Considerations for GDPR

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon

The GDPR Are you ready?

PS Mailing Services Ltd Data Protection Policy May 2018

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

GDPR: A QUICK OVERVIEW

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

DATA PROTECTION BY DESIGN

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

PROJECT BACKGROUND AND RATIONALE

Data Protection in Switzerland Update Following the Safe Harbor Decision. 21 October 2015 / 6 February 2016 Christian Wyss

Data Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP

Data Management and Security in the GDPR Era

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

General Data Protection Regulation (GDPR)

Data Protection Policy

GDPR compliance: some basics & practical to do list

Proposal for a model to address the General Data Protection Regulation (GDPR)

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Data Processing Clauses

GDPR - Are you ready?

Arkadin Data protection & privacy white paper. Version May 2018

The Role of the Data Protection Officer

Islam21c.com Data Protection and Privacy Policy

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

Accelerate GDPR compliance with the Microsoft Cloud

PRIVACY STATEMENT August 2018

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Smart Software Licensing tools and Smart Account Management Privacy DataSheet

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

EU GDPR: The General Data Protection Regulation

VISTRA ZURICH AG - PRIVACY NOTICE

1. Right of access. Last Approval Date: May 2018

EU General Data Protection Regulation (GDPR) Achieving compliance

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

SCHOOL SUPPLIERS. What schools should be asking!

New Spanish Regulation Tightens Up Data Protection Requirements RAFI AZIM-KHAN, JOHN NICHOLSON, ALESSANDRO LIOTTA, AND DOMINIC HODGKINSON

Privacy Policy. You may exercise your rights by sending a registered mail to the Privacy Data Controller.

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

Wonde may collect personal information directly from You when You:

Data Processing Agreement

EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018)

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

1 Privacy Statement INDEX

Contributed by Djingov, Gouginski, Kyutchukov & Velichkov

Introduction to the Personal Data (Privacy) Ordinance

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.

EBOOK The General Data Protection Regulation. What is it? Why was it created? How can organisations prepare for it?

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

Introduction to the Personal Data (Privacy) Ordinance

Magento GDPR Frequently Asked Questions

Website Privacy Policy

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

Royal Mail Consultation: Changes to Postal Schemes to reflect new data protection legislation

Data Protection and GDPR

Saba Hosted Customer Privacy Policy

Introduction to the Personal Data (Privacy) Ordinance

GDPR and the Privacy Shield

Liechtenstein. General I Data Protection Laws. Contributed by Wanger Advokaturbüro. National Legislation. National Regulatory Authority.

General Data Protection Regulation (GDPR) NEW RULES

Privacy by Design and the GDPR

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

EY s data privacy service offering

Data Processing Agreement DPA

You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to

University Privacy Campaign. Introduction to the Personal Data (Privacy) Ordinance

Data Breach Notification: what EU law means for your information security strategy

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

Impacts of the GDPR in Afnic - Registrar relations: FAQ

Spring Mobile Mini UK Ltd. Privacy Policy Spring 2018

This Privacy Policy applies if you're a customer, employee or use any of our services, visit our website, , call or write to us.

Adtech and GDPR What to consider when choosing your partner

CEM Benchmarking Privacy Policy

Cisco Webex Messenger

GDPR: An Opportunity to Transform Your Security Operations

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Introductory guide to data sharing. lewissilkin.com

The Rough Notes Company, Inc. Privacy Policy. Effective Date: June 11, 2018

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

GDPR is coming in less than 2 months Are you ready?

20/09/2013. Global Privacy and Data Protection: Practical Risk Assessment and Governance. Topics

Checklist: Credit Union Information Security and Privacy Policies

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

EY s Data Privacy Services. January 2019

Element Finance Solutions Ltd Data Protection Policy

Motorola Mobility Binding Corporate Rules (BCRs)

Transcription:

Changing times in Swiss Data Privacy: new opportunities? Clara-Ann Gordon

Which countries have Data Protection Laws? Source: https://www.taylorwessing.com/globaldatahub/risk_map.html Page 2

Different Data Protection Regimes World-Wide Page 3

Countries with Appropriate Data Protection Level Source: https://www.taylorwessing.com/globaldatahub/risk_map.html Page 4

Revision of the Swiss Data Protection Act Reasons for the revision of the Swiss Data Protection Act Ratification of convention 108 (ETS No. 108) by Switzerland Adaptions to the provisions of the GDPR to achieve recognition from European Union as country with adequate data protection level Time Table for revised Swiss Data Protection Act 21 December 2016: publication of preliminary draft 4 April 2017: expiry deadline of consultation process Summer 2017?: White Paper (Botschaft) to the Parliament Autumn session /Winter session 2017?: Discussion of draft act and ordinances Summer 2018? Passing of the revised act January 2019? Entry into force of revised act GDPR 25 May 2018: Entry into force Other Developments: EU-US Privacy Shield: in place since 11 January 2017 Swiss-US Privacy Shield: starting 12 April 2017 Page 5

The Key Changes I General remarks No absolute change of paradigm Swiss Finish (rules surpassing the GDPR ) should be avoided Various points of criticism Scope of application Protection of personal data from legal entities has been abolished No longer personality profiles but new profiling Consent Not only express but new also unambiguous Cross-border disclosure More complicated and cumbersome No longer only notification requirements, but approval requirements within deadline of 6 months for Binding Corporate Rules (BCR) and standard contractual clauses (SCC) Data processor also subject to approval requirements Page 6

The Key Changes II Increased duties of information and disclosure New duty to inform data subjects of controller/processor identity and contact details processed data and categories Right of access increased by retention period and free of charge Duty to inform and the right to have a say in automatized decisions Duty to pass on information New notification duty also to third parties in case of correction, deletion or destruction of personal data which was previously disclosed to such third parties Technical measures to secure data protection data protection through technology (privacy by design) privacy-friendly default settings (privacy by default) impact assessment of data protection (privacy impact assessments) Data breach notices obligation to report breaches of data protection provisions or loss of data severe penalties Page 7

The Key Changes III Extended controller duties Assure compliance of data processor with data security and new warranty to ensure protection of rights of data subjects Prior consent when involving sub-processors Recommendations of good practice Approval of processing practice by Swiss DPA Good Practice guideline from the Swiss DPA Supervision and sanctions Introduction of administrative sanctions for Swiss DPA Severe penalties: CHF 500 000 in case of intent, CHF 250 000 in case of negligence Major criticism: sanctions aim only at directors and employees. Fine imposed on entity of only CHF 100 000, if liable director or employee cannot be determined Page 8

Overview Key Changes Page 9

What was not adopted from the GDPR? Not adopted from the GDPR: Regulations concerning internal data protection officer (DPO) Processing of data relating to children Right to be forgotten Right of data portability Obligation to consult with data protection authorities etc. Page 10

New Opportunities? Only burden, costly and disruptive? An opportunity not only to comply, but to: evolve the enterprise enhance security posture achieve business growth build trust with customers and stakeholders create positive impact on organisation and team lead to new marketing opportunities increase demand for services in the cyber security and data related services market create market opportunity for e.g. security and storage vendors Page 11

Contact Niederer Kraft & Frey Ltd Bahnhofstrasse 13 CH-8001 Zurich Switzerland Phone +41 58 800 8000 Fax +41 58 800 8080 Web http://www.nkf.ch Clara-Ann Gordon clara-ann.gordon@nkf.ch Page 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback