Effectively manage your DPAs

Written by
September 22, 2023

We’ve new product updates to share. This time it’s about Data processing agreements (DPAs) and data transfers from Switzerland.

New functionality - multiple DPAs

You can now upload multiple DPAs on a vendor profile. So e.g. you can add a copy of a signed DPA (if you have it), and different versions of the DPA you (or your group companies) have in place with the vendor.

Untitled design-4

By the way, we recommend that you sign the DPAs with your vendors where possible. Signed DPAs enable you to more easily document which agreement you have with the vendor.

Data transfers under the Swiss privacy law

As you might have read in our Privacy Newsletter, the revised Swiss data privacy law (Federal Act on Data Protection - “FADP”) came into effect 1st September 2023.

Switzerland is surrounded by the EU. So it’s no surprise that the revised FADP is closely aligned to the GDPR. Like the GDPR, companies targeting goods or services to Swiss people or monitoring their behaviour have to comply with FADP requirements.

Just like with the GDPR - if you are sharing personal data about Swiss consumers with your vendors in third countries, - you need to comply with the requirements for data transfers.

Luckily, Switzerland recognized the updated EU Standard Contractual Clauses (SCCs) as a valid mechanism for data transfers from Switzerland to third countries. But the EU SCCs need to be adjusted to meet the requirements of the FADP.

To help you get a better overview of your data transfers, we’ve started collecting information from your vendors about whether they have incorporated the adjusted Swiss SCCs into their terms.

So you can now filter your vendors to see if they have one (or several) of the following data transfer mechanisms:

  • EU-U.S. Data Privacy Framework (only for data transfers from the EU to certified companies in the U.S.);
  • EU SCCs (for data transfers from the EU to third countries);
  • UK Addendum to SCCs (for data transfers from the UK to third countries) ;
  • Swiss SCCs (for data transfers from Switzerland to third countries).

That’s all from us.