Here are some key points for website owners to consider under Switzerland’s new data protection law:
Informing users: Website owners must inform users about how their personal data is collected, processed and used. They must also provide information on the purpose of the data collection, how long the data will be kept and users’ rights regarding their data;
Consent: Website owners must obtain explicit consent from users to collect, process and use their personal data. Consent must be free, informed, specific and unambiguous;
User rightsWebsite owners must respect users’ rights with regard to their personal data, such as the right of access, the right of rectification, the right to erasure (“right to be forgotten”), the right to processing limitation, the right to data portability and the right to object;
Data security: Website owners are required to implement appropriate technical and organizational measures to ensure the security of personal data and prevent leakage, loss or unauthorized access.
Notification in the event of a data breach: In the event of a data breach, website owners must inform the competent supervisory authority within 72 hours of becoming aware of the breach, and the persons concerned without undue delay.
International data transfers: Website owners must ensure that international transfers of personal data are carried out in accordance with legal requirements, particularly when data is transferred to countries that do not guarantee an adequate level of protection.
Liability and penalties: Website owners may be held liable for non-compliance with data protection law, and may be subject to financial penalties for breaches of legal provisions.
