Data protection must concern every SME

Swiss data protection law will not be as strict as regulation in the EU. Nevertheless, SMEs must deal with the topic in depth and take appropriate precautions. On Wednesday, the Regional Commission German-speaking Switzerland of KS/CS Kommunikation and the IAB Switzerland held an information event at the Mascotte in Zurich.

Good mood at the Zurich Mascotte: David Rosenthal, lawyer at Vischer, Christian Merk, President Regional Commission German-speaking Switzerland KS/CS Communication, Vischer lawyer Rolf Auf der Maur, Martin Radelfinger, President of IAB Switzerland, Volker Dohr, lawyer and Founding Partner at Impunix and Marc Schwenninger, Head of Legal Services at KS/CS (l.t.r.). (Image: Ekaterina Petrova)

Every user on the Internet collects data and data is collected about him or her. What is already thought-provoking at times in the private sphere takes on an even greater significance when it is companies that hold and use data via their own databases. The size of the company is irrelevant here.

While larger companies are usually better equipped in this regard with their own representatives, SME managers must concern themselves with the correct handling of data. And it is imperative that they do so.

Learning from the mistakes of others

Using numerous examples, Volker Dohr, lawyer, lecturer and Founding Partner of the company Impunix, showed how it is also important for SMEs to handle data carefully under the title "The new data protection law in business practice". Several websites had to close down almost overnight, for example, when they were proven not to offer data security.

Companies must also be prepared for and able to fend off data attacks if they neither want to pay a trigger sum nor want their company data, especially sensitive data, to end up on the darknet and become accessible to users there.

Those who want to keep up to date on data handling mistakes or learn from the mistakes of others can visit the GDPR portal which is updated daily. Incidentally, data leaks may also be subject to a notification obligation to the relevant office in Switzerland.

One person is always liable

Rolf auf der Maur and David Rosenthal, both attorneys at Vischer specializing in data protection, explained details of the Data Protection Act that make it easier for SMEs to comply with applicable rules.

Many provisions are solved in a simpler and more pragmatic way in the Swiss data protection law than in the European data protection regulation, The Swiss law comes into force at the beginning of September 2023. There is a good overview here: Various Swiss associations are currently drawing up recommendations on online marketing, which are to be published soon. It is important for every SME that the responsible persons are aware of their responsibility in handling data and designate responsible persons in their company. This way, SMEs are also well prepared for the data protection rules.

It should also be borne in mind that, unlike the rules in the EU, Swiss law provides for personal criminal liability of the persons acting and not of the company itself.

More articles on the topic