The transfer of personal data from the subsidiary to the parent company constitutes a disclosure of data to a third party, and the rules of the Data Protection Act for the cross-border disclosure of personal data must be followed. Depending on the location of the parent company, different precautions must be taken for data disclosure from Switzerland. Particularly in the case of data disclosure to the USA, which has been the subject of particularly frequent inquiries, three conditions must alternatively be met because the USA does not guarantee sufficient data protection. Either the data-receiving company has certified itself to the U.S. Department of Commerce in accordance with the “U.S.-Swiss Safer Harbor Framework”, or a contract has been concluded that guarantees adequate data protection, or the data subjects have consented. If the data-receiving company is located in a state that guarantees adequate data protection, the disclosure from Switzerland can be made without these precautions. In principle, however, the transparency principle also applies here. The employees of the Swiss subsidiary must be informed about the data disclosure abroad.
Source: FDPIC – Centralization of human resources abroad