Revised Swiss Data Protection Act: No reason to panic

On September 1, 2023, the revised Data Protection Act (revDSG) will come into force. This brings Switzerland closer to the data protection level of the European Union - keyword EU-DSGVO - but still remains individual. Without an implementation period, it will soon take effect and violations will be subject to severe penalties of up to 250,000 Swiss francs. The scope of application includes data protection matters that have an impact in Switzerland, even if they are initiated abroad'. Thus, it is not the location of the data processing that matters, but the Swiss orientation. So what do companies now need to be aware of?

CRM and data protection: does that go together?

Looking at the time since the introduction of the EU GDPR, it can be clearly stated: The connection between the worlds of CRM and data protection has never been as close as it is today. There has been a rethink in the handling of personal data, which has also led to Switzerland now entering the race with a similar construct. Companies should therefore - if they have not already done so - start immediately with the necessary restructuring. This includes internal processes on the one hand, but also the establishment of CRM software on the other. Important: With regard to data protection law, it is not only necessary to take the appropriate technical and organizational measures, but also to automate all processes in such a way that errors are eliminated. In this way, companies can avoid the penalties mentioned above and also generate a competitive advantage.

Behind the times?

Of course, companies may have put off implementing the revDSG until now. Slowly, the deadline is approaching, and CRM systems in particular provide a remedy: However, on the one hand, the CRM system must have data protection functions, and on the other hand, these must be set up. CRM solutions from cobra, for example, have been extensively expanded so that all setting options are available for working in compliance with the law. In addition, cobra solutions are revDSG certified as of version 2023. Established working methods are thus carried out by such a solution in an automated and data protection-compliant manner. What initially looks like digital transformation in Herculean task dimensions still succeeds in time. With a partner like cobra, data protection-compliant work is rapidly becoming an important, value-adding factor. However, procrastinators should not wait too long before implementing the solution so that they do not miss the start.

Stay at eye level

Since 2018, i.e. the introduction of the EU GDPR, Switzerland legally fell into the category of a third country. Since companies from the European Union must also ensure the correct processing of personal data with foreign business partners, such relationships were possible exclusively through an adequacy decision. On a purely legal level, data protection requirements have been increasingly divergent since the GDPR. In order to ensure that the economic positions of the Swiss do not remain in jeopardy, appropriate action was required in the form of the revised DPA. It is therefore hardly surprising that the paper is very similar to that from the EU - with an even stronger focus on data export abroad. It demands one thing above all from companies in terms of conversion and compliance: a willingness to cooperate. Comprehensive obligations must be taken into account in order to remain on an equal footing. By being open to the right CRM solution, companies will gain a lot of momentum from the introduction of the revDSG.

Author:
Since 2009, Jürgen Litz has been Managing Director of the manufacturer of customer relationship management software cobra computer's brainware GmbH based in Constance (D) and, since 2021, also the cobra computer's brainware AG in Tägerwilen (CH).