In January 2012, the European Commission put forward a package of legislative measures designed to update and modernise the regulations of the 1995 Directive on Data Protection (Directive 95/46/CE) and of the 2008 Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (Framework Decision 2008/977/JAI).
On 14 April 2016, the European Parliament approved the submitted texts, thereby finalising more than four years of work. The rules deriving from the General Data Protection Regulation will be directly applicable in all member states from 25 May 2018. The EU countries have until 6 May 2018 to transpose the provisions of the Directive into their national legislation.
Applicability to Swiss businesses (Arts. 3 and 27 GDPR) : It follows from the Regulation and its recitals that the GDPR applies to Swiss businesses in cases provided for by the criterion :
Of establishment (Article 3(1); recital 22): Processing of personal data in the context of the activities of a European branch or a subsidiary with a legal personality of a Swiss company in the Union.
Processing of personal data carried out by a Swiss company acting as processor on behalf of a European company.
A processor in the Union (e.g. IT service provider) who processes personal data for a Swiss company will be subject to the Regulation regardless of whether it is the data of data subjects in Switzerland or the Union (art. 3 § 1 GDPR). It shall be bound to comply with the specific obligations of the processor laid down by the Regulation (cf. Articles 28, 30 § 2 and 37 GDPR) and the requirements imposed by the Swiss law (cf. Article 10a FADP). In case of a breach, his responsibility is likely to be engaged.
It’s therefore important that your legal documents are well written.
In January 2012, the European Commission put forward a package of legislative measures designed to update and modernise the regulations of the 1995 Directive on Data Protection (Directive 95/46/CE) and of the 2008 Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (Framework Decision 2008/977/JAI).
On 14 April 2016, the European Parliament approved the submitted texts, thereby finalising more than four years of work. The rules deriving from the General Data Protection Regulation will be directly applicable in all member states from 25 May 2018. The EU countries have until 6 May 2018 to transpose the provisions of the Directive into their national legislation.
Applicability to Swiss businesses (Arts. 3 and 27 GDPR) : It follows from the Regulation and its recitals that the GDPR applies to Swiss businesses in cases provided for by the criterion :
Of establishment (Article 3(1); recital 22): Processing of personal data in the context of the activities of a European branch or a subsidiary with a legal personality of a Swiss company in the Union.
Processing of personal data carried out by a Swiss company acting as processor on behalf of a European company.
A processor in the Union (e.g. IT service provider) who processes personal data for a Swiss company will be subject to the Regulation regardless of whether it is the data of data subjects in Switzerland or the Union (art. 3 § 1 GDPR). It shall be bound to comply with the specific obligations of the processor laid down by the Regulation (cf. Articles 28, 30 § 2 and 37 GDPR) and the requirements imposed by the Swiss law (cf. Article 10a FADP). In case of a breach, his responsibility is likely to be engaged.
It’s therefore important that your legal documents are well written.
600CHF