Inter­pel­la­ti­on Fia­la (17.4088): Imple­men­ta­ti­on issues regar­ding the EU Gene­ral Data Pro­tec­tion Regulation

EN 
EN  DE  FR 

from

on

Indu­stries

Aut­ho­ri­ty

Laws

Topics

Take-Aways (AI)
  • The EU GDPR affects prac­ti­cal­ly all Swiss com­pa­nies with EU cus­to­mers and cau­ses con­sidera­ble bureau­cra­tic imple­men­ta­ti­on issues.
  • It remains unclear which body is the point of cont­act for Swiss com­pa­nies (FDPIC, EU aut­ho­ri­ty or both) and who recei­ves reports.
  • It remains to be seen whe­ther inve­sti­ga­ti­ons, sanc­tions or dou­ble pro­se­cu­ti­ons by Swiss and EU aut­ho­ri­ties are pos­si­ble and how they will be coordinated.
  • Que­sti­ons regar­ding the reco­gni­ti­on of Swiss cer­ti­fi­ca­ti­ons, par­ti­ci­pa­ti­on in stan­dards and the role of Swiss law remain unre­sol­ved; Fede­ral Coun­cil to initia­te negotiations.

Inter­pel­la­ti­on Fia­la (17.4088): Imple­men­ta­ti­on issues regar­ding the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on [Cf. also Moti­on Fia­la 16.3752 and Que­sti­on Fia­la 17.5528]

Sub­mit­ted text

The­re is hard­ly a Swiss com­pa­ny that is not affec­ted by the EU’s new Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR), which will beco­me appli­ca­ble in the EU on May 25, 2018. The regu­la­ti­on is for­cing all com­pa­nies that have cus­to­mers in the EU to under­go mas­si­ve bureau­cra­tic efforts. Howe­ver, many que­sti­ons regar­ding the con­cre­te imple­men­ta­ti­on are still open and should be ans­we­red by the Fede­ral Council:

  1. Will the EU con­ti­n­ue to reco­gnize the equi­va­lence of Swiss data pro­tec­tion legislation?
  2. Who is the Cont­act for Swiss com­pa­nies (e.g. for noti­fi­ca­ti­on obli­ga­ti­ons) regar­ding the GDPR and e‑DSG? Is this the FDPIC, a body in the EU or even both?
  3. Beco­me Inve­sti­ga­ti­ons and pos­si­ble sanc­tions car­ri­ed out vis-à-vis Swiss com­pa­nies by a Swiss body? How and by whom?
  4. Can com­pa­nies for the same case sanc­tion­ed by Switz­er­land as well as by the EU. become?
  5. Can com­pa­nies From the EU or their mem­ber sta­tes are sanc­tion­ed even though they com­ply with Swiss law?
  6. Beco­me Swiss cer­ti­fi­ca­ti­ons and cer­ti­fi­ca­ti­on bodies reco­gnized by the EU?
  7. Is Switz­er­land in the Deve­lo­p­ment of stan­dards involved?
  8. The GDPR refers in many places to the Law of the mem­ber sta­tes. What role does Swiss law play in this?
  9. The­se que­sti­ons show that the­re is a gre­at need for coor­di­na­ti­on even befo­re the revi­si­on of the DPA is dis­cus­sed in par­lia­ment. For this rea­son, the Fede­ral Coun­cil was ins­truc­ted by the moti­on 16.3752, which was pas­sed, to seek a cor­re­spon­ding agree­ment with the EU. Accor­ding to the ans­wer to my Que­sti­on 17.5528 During que­sti­on time on Decem­ber 4, the Fede­ral Coun­cil sta­ted that it did not want to cont­act the Euro­pean Com­mis­si­on befo­re the par­lia­men­ta­ry con­sul­ta­ti­on. Howe­ver, the abo­ve-men­tio­ned que­sti­ons will alre­a­dy ari­se for many Swiss com­pa­nies in May 2018. Fur­ther­mo­re, the­se imple­men­ta­ti­on que­sti­ons are also very valuable, espe­ci­al­ly for the con­sul­ta­ti­on of the Swiss DPA. What steps does the Fede­ral Coun­cil intend to take in order to regu­la­te this need for coor­di­na­ti­on as quick­ly as pos­si­ble under sta­te trea­ty law?