Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Similar documents
GDPR compliance: some basics & practical to do list

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

Cybersecurity Considerations for GDPR

General Data Protection Regulation (GDPR)

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

EU General Data Protection Regulation (GDPR) Achieving compliance

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

Outsourcing und Data Protection

The NIS Directive and Cybersecurity in

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

The Role of the Data Protection Officer

The GDPR Are you ready?

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

I GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE

Data Processing Clauses

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Data Protection in Switzerland Update Following the Safe Harbor Decision. 21 October 2015 / 6 February 2016 Christian Wyss

NEWSFLASH GDPR N 8 - New Data Protection Obligations

Data Breaches and the EU GDPR

Cyber Risks in the Boardroom Conference

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

GDPR: A QUICK OVERVIEW

Our agenda. The basics

April 2018 Page 1 of 14

General Data Protection Regulation (GDPR) NEW RULES

L attuale scenario in cyber security all indomani dell adozione di nuovi quadri normativi europei

DATA PROTECTION BY DESIGN

Data Management and Security in the GDPR Era

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

European Union Agency for Network and Information Security

GDPR: A technical perspective from Arkivum

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Workday s Robust Privacy Program

Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?

Governance and Compliance Learning from the Private Sector. David Coverdale

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

IT MANAGEMENT AND THE GDPR: THE VMWARE PERSPECTIVE

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

Regulating Cyber: the UK s plans for the NIS Directive

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Adtech and GDPR What to consider when choosing your partner

The Simple Guide to GDPR Data Protection: Considerations for and File Sharing

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February,

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

GDPR Update and ENISA guidelines

GDPR Workflow White Paper

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

CYBER INSURANCE: MANAGING THE RISK

Hong Kong s Personal Data (Privacy) Ordinance

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

SIX Trade Repository AG

How to work your cloud around the UK ICO s Data Protection Act

Prohire Software Systems Limited ("Prohire")

2017 RIMS CYBER SURVEY

EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS

Financial Regulations, Enforcement & Cybersecurity

City, University of London Institutional Repository. This version of the publication may differ from the final published version.

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

New Requirements for Legal Analytics & Artificial Intelligence Under the GDPR

SCCE ECEI 2014 EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS. Monica Salgado JANINE REGAN CIPP/E

Legal framework of ensuring of cyber security in the Republic of Azerbaijan

The GDPR data just got personal

PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

Data Protection and GDPR

Cyber Security Law --- Are you ready?

GDPR - Are you ready?

VISTRA ZURICH AG - PRIVACY NOTICE

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

Proposal for a model to address the General Data Protection Regulation (GDPR)

Information technology Security techniques Code of practice for personally identifiable information protection

Archive Legislation: archiving in the United Kingdom. The key laws that affect your business

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

ngenius Products in a GDPR Compliant Environment

General Data Protection Regulation (GDPR)


EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology

Eight Minute Expert GDPR

General Data Protection Regulation (GDPR) The impact of doing business in Asia

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

Developing and Implementing Data Protection Law: Malaysia and Beyond

This document is a preview generated by EVS

Cybersecurity Auditing in an Unsecure World

Legal, Ethical, and Professional Issues in Information Security

Google Cloud & the General Data Protection Regulation (GDPR)

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

simply secure IncaMail Information security Version: V01.10 Date: 16. March 2018 Post CH Ltd 1 / 12

Information Security Incident Response Plan

African Theatre Association (AfTA) PRIVACY POLICY

SCHOOL SUPPLIERS. What schools should be asking!

Transcription:

Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions relating specifically to disruptive technologies statutory provisions in general formulated in a technology-neutral manner some Circulars from some supervisory authorities: e.g. Swiss DPA, FINMA, etc. relating to topics such as digitalization and cloud But a lot in the pipeline: Federal Council Strategy for a digital Switzerland Smart Switzerland Initiative Consultation on new Fintech Regulations 16 May 2017 Page 2

Data and Technologies (raw) data devices (sensors, gateways, ) software telecommunications encryption / security services data warehouse / analytics platform services (cloud) 16 May 2017 Page 3

Common Legal and Regulatory Risks data breach data privacy laws data quality / errors liability device malfunctions / product liability IP / proprietary rights (data as an asset?) regulatory hurdles processing errors service quality software errors 16 May 2017 Page 4

Data Protection I What is data? any kind of information created by human or machine no statutory protection per se for only data What is personal data? Personal data is any data relating to an identified or identifiable person Protection of personality rights and not of the data itself Accordingly anonymous data is not considered personal data Federal Act on Data Protection dated 19 June 1992 (DPA) Questions: personal data or just any kind of other data (e.g. machine data)? how can data be protected? strict requirements relating to personal data 16 May 2017 Page 5

Which Countries have Data Protection Laws? 16 May 2017 Page 6

Different Data Protection Regimes Worldwide 16 May 2017 Page 7

Countries with Appropriate Data Protection Level 16 May 2017 Page 8

GDPR and Revision of Swiss Data Protection Act Stricter Rules and massively higher fines as from 25 May 2018: Extraterritorial reach of the GDPR Stronger enforcement powers Transparency rules extended New accountability obligations Data protection by design and default Stricter consent rules Right of access, right to data portability, right on automated processing Right to be forgotten Data security measures Massive fines: up to 20 million Euro or up to 4% of worldwide annual turnover Swiss Data Protection Act in revision in order to achieve adequacy level of GDPR In general importance of data protection compliance has massively increased 16 May 2017 Page 9

Data Security Data Breaches DDos Attacks and the like Predicted market growth will accentuate the issue Financial liability for lack of security What is appropriate level of data security? no specific act state of the art / appropriateness of data security systems ISO / IEC 27k family of standards other useful guidelines Data Breaches new and stricter rules under the GDPR and Swiss law ongoing confidentiality, integrity, availability and resilience ability to restore process for regular testing data breach notification (72 hours) also under new Swiss Data Protection duty to inform massive fines if no notification 16 May 2017 Page 10

Special Regulatory Questions Hurdles for regulated sectors Finance (banks, insurances), Telecom, Pharma Audit Right Location of storage of data Banking Sector Protection of Banking Secrecy FINMA Circular 2008/7 «Outsourcing Banks» FINMA Circular 2008/21 «Operational Risks Banks» Telecom Sector Ban for foreign providers to provide telco services in Switzerland > Duty to comply with employment legislation and related standards/customs > Duty to comply with lawful intercept and surveillance legislation 16 May 2017 Page 11

Liability I Issues: delegation of task from operators to technology humans as controllers and supervisors machine intelligence and autonomy challenge of complexity how to maintain control, prevent and mitigate failures Who is responsible in case something goes wrong? Providers (software, hardware, services)? Users? Organisations (companies, agencies)? Who is liable to compensate for damages to persons and goods? Who is liable to compensate for damages to persons and goods? Providers (software, hardware, services)? Organisations (companies, agencies)? 16 May 2017 Page 12

Liability II Legal framework: Statutory provisions: Product Safety Act and Product Liability Act Code of Obligations tort Act on Technical Barriers on Trade Standards and State of the Art Criminal liability Contractual liability: Exclusion of liability? Back-to-back liability provisions Expand force majeure provisions: for hacking incidents etc. 16 May 2017 Page 13

Conclusions No specific law relating to disruptive technologies as such but a lot of initiatives in the pipeline Swiss authorities are open minded Increase of investment in disruptive technologies by Swiss companies e.g. Switzerland ranked no. 1 by EPO in filing for computer technology patents Data protection compliance massively increased importantance Decisive to remain competitive implementation of cyber security response plan Regulatory compliance close cooperation with Swiss supervisory authorities Implementation of contracts dealing with back to back liability The future is bright for Disruptive Technologies in Switzerland! 16 May 2017 Page 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback