At the end of May 2018, the new General Data Protection Regulation (GDPR) entered into force in the EU. It is supposed to allow EU citizens to regain control over the usage of their data. This also impacts Swiss companies, even if they have no branches in the EU. Sunrise has compiled the most important facts.

The General Data Protection Regulation (GDPR) has been in effect in the entire European Union (EU) since May 25, 2018. Among other things, it requires companies, associations, and institutions to disclose how data is collected, processed and, if applicable, passed on and used. Thus, the core of the regulation is documenting how and why data is collected and processed in a register. Companies also must inform their customers or members about the usage of their data in a clear and simple language before collecting personal data, and they must delete data immediately upon request. Supervisory authorities must be informed immediately in the event of a data breach.

Problems with WhatsApp and similar apps

Swiss companies that are impacted by the new EU regulation have also been required to inform people about the usage of personal data, obtain customers' and users' consent for processing this data, and create a register of processing activities, among other things, since the end of May 2018. And that is exactly where problems begin for many smaller companies: They use tools, apps, and services from third-party providers that systematically tap and further process data, for example, on servers in the USA.

Do you want to play it really safe? Then take a look at our compliant Work Smart solutions

Of course, you don't have to completely go without messenger tools and the like. In the end, they unite functions like instant messaging, video conferencing, desktop sharing, team coordination, and sharing documents in a single application. Possible alternatives include Threema Work and Microsoft Teams, which are technically safeguarded via end-to-end encryption and legally compliant with European data protection legislation.

Services that are completely tailored to the needs of Swiss companies and where the telecommunications provider, such as Sunrise, assume responsibility for all consequences of the data protection ordinance are even more convenient. Sunrise has a well-versed team of data protection officers who know the pitfalls of the new ordinance and check all apps, services, and tools to make sure they are compliant. In addition, Sunrise guarantees that data collected is stored only on servers in Switzerland for all its services.

Check all contracts now

Generally, the following applies: Check all contracts now to understand where all the data and applications are saved and where data is processed. It is also a good idea to obligate solution providers to disclose all sub-providers and list all server locations where personal data is stored and processed so that information can be provided to the persons concerned at all times. By the way, Switzerland is also currently drafting a federal data protection law. Companies that have already adapted to the GDPR will likely save a considerable amount of time implementing the Swiss version when it is finished.