Data Protection Law Review | Part 2: Practical Recommendations

In the first article in our series on the data protection revision, we showed you which changes are associated with the revision. In the following, we provide you with recommendations on how to respond to these changes.

Caution yes, panic no! We recommend making adjustments to necessary documents. More importantly, when introducing new procedures, even on a test basis, ensure that data protection requirements are met. Just recently, Volkswagen in Germany accepted a fine of EUR 1.1 million because research vehicles equipped with cameras were not marked as such(press release).

Our five tips for dealing with the revDSG:

  1. When developing and introducing new processes and technical innovations, it is important to check whether personal data will be used and processed. If this is the case, with legal support you can find ways to comply with data protection regulations and minimize risks for criminal proceedings, for example through good documentation.

  2. Experience with the GDPR has shown that not every violation of the data protection provisions is prosecuted with the maximum fine and that cooperation with the data protection authority has a mitigating effect on the amount of the fine. Our recommendation: Seek legal advice in the event of proceedings based on a data protection breach.

  3. There are countless samples and templates for the required documentation, which are based on the GDPR. In any case, such sample documentation is better than no documentation at all. It is even better to adapt this to the requirements of the revDSG with professional help.

  4. Raise your employees' awareness in the area of data protection. Training not only serves to impart knowledge to your staff, but also to document later that you have addressed compliance with the revDSG. Our in-house training or other offers are a good basis for this.

  5. And finally, the following always applies: Find the right balance. You must comply with the legal requirements, but you will not want to deal mainly with data protection. Sometimes a brief risk analysis by a lawyer (risk of data breach, amount of any fine) helps as a basis for decision-making. Often, common sense also helps; for example, health data should never be stored unencrypted for all to see.

At datenschutzmuster.ch we have compiled a lot more information, links and samples for you.

Article: Data protection law revision | Part 1: Overview of changes

Do you have questions about data protection and IT law? We can provide you with comprehensive and practical advice on implementing the new data protection requirements. Please feel free to contact Sven Kohlmeier.

Data protection, IT/IP lawSven KohlmeierWicki Partners AGData protection, revision of data protection law, Wicki Partners AG, Sven Kohlmeier, EDÖP, data processing