New data protection provisions also affect Switzerland

The new General Data Protection Regulation in the European Union will enter into effect in 2018. Its purpose is to standardize the rules for the processing of personal data. A law of this nature is currently being discussed in Switzerland too. Daniel von Büren of Microsoft explains in an interview what effects this will have on Swiss SMEs.

Personal data will be better protected in the EU and Switzerland
Personal data will be better protected in the EU and Switzerland

Daniel von Büren, the EU wants to use the GDPR to strengthen and standardize data protection. What does this mean for Switzerland?
As you rightly state, the General Data Protection Regulation (GDPR) is being driven forward by the EU. This might lead one to believe that the new guidelines will not be relevant to Swiss companies. But the reality of the matter is different. Basically, they will result in two direct dependencies for Switzerland:
First, since the GDPR will ensure the protection of personally identifiable information (PII), where this data is processed or stored is unimportant. All companies operating internationally will be required to observe the GDPR provisions. But smaller local companies will also have to familiarize themselves with the new guidelines. Allow me to give an example: Imagine a company that offers products through an online shop in Switzerland, but also in areas of foreign countries close to the border. This simple service would in all likelihood require PII data to be stored, meaning that the GDPR would have to be taken into consideration.
Secondly, companies must understand that Switzerland is also reworking its data protection law. Different parties and interest groups have already made statements on the first version of the new draft legislation. Now, revision and the political process need to occur before the bill can become law. The is expected to take place in 2019. On the basis of the current version and the political discussions, we can expect most aspects of the GDPR to be codified in the Swiss law.

How should Swiss SMEs handle the new regulations? 
It is crucial for all companies to engage with the subject, because every one of them, large and small, must understand the basics of the GDPR. Not until then, can they assess what to do in individual cases. Accordingly, I recommend to all of my customers that they initiate the GDPR compliancy process immediately. Because even if a company only operates in Switzerland and is supposedly not subject to European regulations, it will be confronted with identical challenges due to the new Swiss data protection law at the latest.
An entrepreneur, therefore, must understand what the new provisions specifically mean for his or her business and where personal data is stored and/or processed. Using this information, a corresponding catalog of measures can be drawn up in order to gradually implement the requirements of the GDPR. We don’t mean to paint a gloomy picture. Nevertheless, managers and entrepreneurs should also ask themselves what will happen if GDPR guidelines are not observed in the future. This is no laughing matter. Depending on the failure, the company can be fined up to 20 million euros or 4% of its global annual sales. And for many Swiss companies, that would be a punishment that would be painful or even threaten their existence.

What does the GDPR mean for Microsoft?
Microsoft is convinced that the GDPR will help improve the protection of personal data. We can see that Europe is a pioneer in this regard. The GDPR has two consequences for Microsoft. For one thing, we have set the goal of becoming GDPR-compliant by May 25, 2018. Specifically, this means that we have to check all of our processes and structure them in accordance with GDPR regulations. We are convinced that this investment in data security will be worthwhile!
On the other hand, it is our ambition to assist all of our customers in meeting the GDPR provisions. We are providing Microsoft
information, experience and tools for this purpose. These can be used to get a good initial overview. At the same time, the GDPR regulations are also part of the development of our products. We are constantly expanding our solutions with additional functionalities to support the GDPR in customer processes. It is important to understand that the GDPR does not create guidelines for technical implementation, but instead refers to processes in companies. Technical solutions can, however, help with these processes – we see this as a crucial task for Microsoft.

About Daniel von Büren

Daniel von Büren works as a technical solution specialist at Microsoft Schweiz GmbH. In this role, he focuses on the subject of modern working environments and the increasing demands in mobility. He is particularly interested in showing customers how to tackle new challenges efficiently. In this context, the appropriate handling of user and customer data is of crucial importance.
Daniel von Büren gained his first experience in IT in the 90s – and has been enthralled ever since. In the past, as a senior consultant, he actively assisted a number of customers from different sectors in solving their operational challenges.

About Microsoft

Microsoft Schweiz GmbH is a subsidiary of the Microsoft Corporation (Redmond, USA). Since the local branch was founded in 1989, the national company has developed into a typical Swiss SME with 620 staff members. Microsoft Schweiz is closely networked with the country’s business and political institutions and maintains an active dialog with the population on the subjects of innovation, security and education. Its national network of partners includes 6,000 local business partners and 14,000 certified product and solution specialists. Microsoft Schweiz GmbH is headquartered in Wallisellen, near Zürich. Other offices are located in Wollishofen, Bern and Geneva.

E-commerce and security Impulse Event

What does the new data protection regulation mean for your company? Meet Daniel von Büren and other experts at out Impulse Event on business opportunities in e-commerce and security on September 6. Register now 




Official program