Is the GDPR applicable to my Swiss company?
Even weeks after the new data protection law came into force in Switzerland, many companies still lack orientation. The extensive scope of the GDPR can be confusing when compared to the Swiss Data Protection Act (DPA), but it is worth clarifying this in detail.
The implementation of Swiss data protection law is less complex than the implementation of the GDPR, and the sanctions are also significantly milder than if the GDPR is also applicable, under which the consequences of non-compliance can be significantly more serious. The following overview is intended to provide support in this regard:
Is the GDPR applicable to my Swiss company?
There are two important points that every company should clarify if it processes personal data and wants to assess whether the GDPR of the European Union applies:
- Does a branch exist in the EU and is personal data processed as part of the activities of this branch? If this question is answered in the affirmative, the GDPR must be observed in addition to the Swiss DPA.
- Is the EU a market place? This is again not only linked to the offer of goods or services, but also to the collection of personal data when observing the behaviour of individuals in the EU.
If one or both points apply, a Swiss company must not only comply with the new Swiss DPA, but also with the GDPR. The following applies to both points: The assessment of whether the GDPR applies depends on the specific individual case. In order to avoid unpleasant surprises, it is worthwhile to carry out a detailed analysis in advance.
The following presentation should help to answer this question. It is also available for download as a PDF.
