Data protection (GDPR)

Since the new European data protection regulation GDPR came into force two years ago, several hundred offences have already been punished with fines. The record to date is a sum of around 200 million euros. Swiss SMEs are still unsettled.

A German lorry driver had to pay a 200 euro fine because he published dash cam footage on the internet. British Airways is expected to have to pay around 200 million euros due to poor IT security precautions. Cases of GDPR violations that are penalised with fines are piling up. Over 200 cases are publicly known. The fact that 160,000 breaches were reported by the beginning of the year and the decisions do not have to be made public suggests that there will be significantly more fines and shows that the EU’s new data protection requirements are being taken seriously.

While large international companies have usually launched corresponding GDPR projects thanks to large legal departments, lawyers and consultants and have already implemented most of the necessary measures, a number of Swiss SMEs are still unsure. The fact that the revision of the Swiss Data Protection Act has still not been finalised almost three years after the presentation of the first draft and that EU data protection equivalence is therefore jeopardised further increases this uncertainty.