Switzerland is currently in the process of revising the DPA. Swiss Parliament passed the final version of the revised DPA (revDPA) on 25 September 2020. The key objective was to align Swiss law with the revised Council of Europe’s Convention No 108 and with the GDPR. Various amendments to other laws will be implemented alongside the revision of the DPA. This will in particular impact the Swiss Federal Code on Civil Procedure (CCP), the Swiss Federal Penal Code (CP) and the Swiss Federal Code of Penal Procedure (CPP).
Furthermore, the DPO needs to be adapted along with the revDPA. The Federal Office of Justice is currently working on a draft of the new DPO (revDPO), which is expected to be released for public consultation by end of Q2 2021. Once the revDPO is final, the Federal Council will likely enact both the revDPA and the revDPO together. In view of the ongoing process, and in order to grant time to companies having to implement the new obligations, the revDPA and the revDPO are expected to enter into force in mid-2022.
We encourage businesses to use this time to proactively assess the revDPA’s impact on their activities and already start implementing or elaborating processes that will comply with the revDPA. In particular, the following steps are helpful:
- auditing the internal data protection processes;
- performing a risk assessment in anticipation of the revDPA;
- reviewing, enhancing and/or establishing processes, practices, documentation, contracts, policies and notices, etc.
Businesses will have to assess on a case-by-case basis the extent to which their data protection processes need to be modified.