We’ve new product updates to share. This time it’s about Data processing agreements (DPAs) and data transfers from Switzerland.
You can now upload multiple DPAs on a vendor profile. So e.g. you can add a copy of a signed DPA (if you have it), and different versions of the DPA you (or your group companies) have in place with the vendor.
By the way, we recommend that you sign the DPAs with your vendors where possible. Signed DPAs enable you to more easily document which agreement you have with the vendor.
As you might have read in our Privacy Newsletter, the revised Swiss data privacy law (Federal Act on Data Protection - “FADP”) came into effect 1st September 2023.
Switzerland is surrounded by the EU. So it’s no surprise that the revised FADP is closely aligned to the GDPR. Like the GDPR, companies targeting goods or services to Swiss people or monitoring their behaviour have to comply with FADP requirements.
Just like with the GDPR - if you are sharing personal data about Swiss consumers with your vendors in third countries, - you need to comply with the requirements for data transfers.
Luckily, Switzerland recognized the updated EU Standard Contractual Clauses (SCCs) as a valid mechanism for data transfers from Switzerland to third countries. But the EU SCCs need to be adjusted to meet the requirements of the FADP.
To help you get a better overview of your data transfers, we’ve started collecting information from your vendors about whether they have incorporated the adjusted Swiss SCCs into their terms.
So you can now filter your vendors to see if they have one (or several) of the following data transfer mechanisms:
That’s all from us.
Sign up for a regular dose of news and updates from the legal landscape.