Legal and IT concerns of Data Transfers to non-EU/CH countries

The decision of the EU Court of Justice on data protection (see Schrems II) is also relevant for Swiss companies, since on the one hand the new assessment applies to relationships with companies in the EU, and on the other hand the new Swiss Data Protection Act (CH DPA) is based on the same standards.

Companies must deal with the CH DPA, as it will become mandatory as of January 2022.

In case of non-compliance, the consequences are not as severe as for companies in the EU. The maximum fine of CHF 250,000 is lower than under the EU GDPR, but it directly penalizes C-level individuals and is accompanied by an entry in the criminal record.

In the case of cloud services from US providers, there are insufficient measures to adequately protect the data, according to legal experts and some courts.

It is also recommended to take a closer look at the data transfers to the service providers and, if possible, to anonymize or minimize the data. Anonymization can lower the risk level, especially for sensitive data. There are also technical solutions, e.g. cloud access security brokers, to encrypt the data before it is transferred.

Download presentation (PDF)

Nicole Beranek Zanon

Born in Zurich, Nicole Beranek Zanon completed a higher, bilingual degree (DE/FR) in European Law at the University of Fribourg. After completing her legal training, she joined PricewaterhouseCoopers in Zurich and acquired the tools of the trade at a medium-sized corporate law firm in Zurich and Zug. Due to her love for hands-on working, Nicole Beranek Zanon joined SWITCH as General Counsel and spent a decade helping to shape the Swiss Internet. The take down services she helped develop are now the international standard at ICANN. In 2012, she founded de la cruz beranek Rechtsanwälte AG, which rebranded as HÄRTING Schweiz AG on 1st June 2021. Since then, she is a Managing Partner of HÄRTING’s Switzerland office.

More Webinars