The new Federal Act on Data Protection (nFADP) improves the processing of personal data and grants new rights to Swiss citizens. This important legislative change is accompanied by a number of new obligations for businesses and a strengthening of existing requirements.
The completely revised Data Protection Act and the implementing provisions of the new Data Protection Ordinance (DPO) and Data Protection Certification Ordinances (DPCO) will enter into force on the 1st September 2023.
Since the first Federal Act on Data Protection in 1992, fundamental societal changes in terms of digitalization and personal data management have occurred with the daily use of the Internet, smartphones, social networks and the Cloud.
Banks and the financial sector have widely adopted these new technologies in their service offerings, with personalization and accessibility as an essential added value. Moreover, along with banking secrecy, data protection has been part of the industry's DNA for many years. Therefore, this sector has a unique position: on the one hand, it has a clear lead over other companies in terms of data protection; on the other hand, it also has to cope with higher expectations from the public and regulators.
Some institutions have already anticipated many of the new requirements of the nFADP by voluntarily implementing a compliance system with the European Data Protection Regulation (GDPR). Other institutions, on the contrary, have chosen to wait for the Swiss requirements. Nevertheless, and in both cases, it will be from the 1st September 2023 that the robustness of internal control systems will be truly tested in practice.
The new data protection law introduces several major changes. The following will particularly impact companies in the financial sector:
Deloitte has a team of lawyers and legal experts in data protection matters. Through its consulting and auditing practice in the financial sector, Deloitte has a thorough knowledge of the business and regulatory context in which banks and financial intermediaries operate. This enables us to address the new requirements of the new Federal Act on Data Protection (nFADP) in coordination with the regulatory context, while integrating proven industry solutions. Deloitte is also a global leader in the digitalization and integration of Cloud solutions, which have an increasingly decisive impact on the management of personal data. We offer you the following approaches that can naturally be customized: