DATA PROTECTION
International data transfer from the Swiss Confederation: the Guidelines of the Swiss Supervisory Authority on SCC.
The Federal Data Protection and Information Commissioner FDPIC has issued an important set of guidelines for the transfer of personal data to a country without an adequate level of data protection, based on standard contractual clauses.
These Guidelines highlight - case by case - the changes that must be implemented to the standard contractual clauses based on the country of destination based on two hypotheses: a) transfer that has no connection with the GDPR and which is therefore governed only by the federal law on data protection; b) transfer based on art. 3.2 GDPR with the data exporter (Data Controller or Data Processor) located in the Confederation and who is therefore subject to both the GDPR and the federal data protection law.
Depending on the two hypotheses, the standard contractual clauses will have to be adapted accordingly, in view of the applicability of the GDPR and the Federal Law on data protection which - where both applicable - will see among the options available that of two data transfer agreements separate or a single transfer agreement governed by the GDPR with the necessary additions pursuant to the Swiss federal privacy law.
These Guidelines highlight - case by case - the changes that must be implemented to the standard contractual clauses based on the country of destination based on two hypotheses: a) transfer that has no connection with the GDPR and which is therefore governed only by the federal law on data protection; b) transfer based on art. 3.2 GDPR with the data exporter (Data Controller or Data Processor) located in the Confederation and who is therefore subject to both the GDPR and the federal data protection law.
Depending on the two hypotheses, the standard contractual clauses will have to be adapted accordingly, in view of the applicability of the GDPR and the Federal Law on data protection which - where both applicable - will see among the options available that of two data transfer agreements separate or a single transfer agreement governed by the GDPR with the necessary additions pursuant to the Swiss federal privacy law.
