Glossary> GDPR

Data Protection Regulation - Everything You Need to Know!

The General Data Protection Regulation (GDPR) is a legal framework that establishes rules for the collection and processing of personal data of individuals residing in the European Union. The framework was adopted in 2016 and fully enforced on May 25, 2018. GDPR applies to organizations, regardless of where their websites are located, and imposes obligations on these organizations when targeting individuals in the European Union or collecting data about them. The goal of GDPR is to ensure that companies are transparent about the personal data they handle and that the purpose of using this data is lawful.

GDPR has far-reaching implications for companies that process personal data. This regulation aims to make the handling of personal data more transparent and secure. Any organization that stores and processes employee and customer data faces new obligations. Personal data can only be collected for a predefined purpose, following the principle of “as little as possible, but as much as necessary.” The regulation applies not only to large companies and online shops but also to any business operating on the internet that stores and processes customer data. Companies must take increased measures to ensure data protection, including the clarity of privacy statements and consent texts. Companies are now obligated to document individual operations in directories to fulfill their accountability.

GDPR from the User's Perspective

For users, GDPR brings numerous advantages. They have more control over their data than ever before. Companies must disclose what happens with the data instead of hiding behind legal clauses. Users have the right to know which companies store their data and how it is used. In certain cases, users can exercise their right to deletion (Art. 17) and object to data processing. Additionally, consumers have the right to completeness or correction of their data (Art. 16).

Has the article about GDPR caught your interest?

Digital opportunities & possibilities
Discussion about pain points
Get to know each other

We would be happy to exchange ideas in a free and non-binding call over  a coffee’s length.

Dr. Gero Kühne

Owner

Comparison between the New Swiss Data Protection Act (nDSG) and the General Data Protection Regulation (GDPR)

The new Swiss Data Protection Act (nDSG), which came into effect on September 1, 2023, has some crucial differences from the European General Data Protection Regulation (GDPR). Here are the key differences:

Sanctions

nDSG: Private responsible parties can be fined up to CHF 250,000.
GDPR: EU member state supervisory authorities can impose fines and sanctions on companies, with fines of up to 4% of a company’s global annual turnover or EUR 20 million for serious violations.

Appointment of a Data Protection Officer (DPO)

nDSG: The appointment of a Data Protection Officer (DPO), called Data Protection Advisor (DPA) in Switzerland, is not mandatory but is explicitly recommended.
GDPR: According to Art. 37 GDPR, the appointment of a DPO is mandatory under certain circumstances.

Reporting Data Breaches

nDSG: Data breaches must be reported to the Federal Data Protection and Information Commissioner (FDPIC) as quickly as possible.
GDPR: Data breaches must be reported to the relevant EU supervisory authority within 72 hours.

Data Exports

nDSG: The permissibility of data exports is decided by the Federal Council, and EU standard contract clauses and binding corporate rules apply.
GDPR: The European Commission decides on the permissibility of data exports, and EU standard contract clauses and binding corporate rules also apply.

Data Protection Impact Assessment

nDSG: A data protection impact assessment (DPIA) must be conducted in case of a high risk to the personality or fundamental rights of the data subject. In case of persistent risk, the DPA can be consulted instead of the FDPIC.
GDPR: In case of persistent risk, the supervisory authority must be consulted.

Profiling

nDSG: The revised law regulates profiling, especially the automated processing of personal data for the assessment of personality traits. Consent is only required for high-risk profiling.
GDPR: There is a general requirement for consent.

Sensitive Data

nDSG: Since September 1, 2023, “particularly sensitive data” under the nDSG includes administrative or criminal prosecutions and sanctions, as well as social assistance measures. Thus, nDSG includes two more categories of sensitive data than GDPR.
GDPR: Sensitive data, referred to as “special categories of personal data” in GDPR, includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health data, data concerning sexual life, or sexual orientation.

In summary, the new nDSG has largely harmonized with the European GDPR to ensure the competitiveness of Swiss companies. However, there are some differences that should be noted.

FAQs

What is growth hacking?

Growth hacking is a relatively new marketing method that uses creativity, data analysis, and flexible thinking to sustainably increase the growth of a company through specific tactics (“hacks”)

What is lean management?

Lean management is a new way of thinking that aims to optimize the entire process of the value chain and avoid unnecessary “wastage”.

Growth hacking vs. Performance Marketing?

Growth hacking is often compared to performance marketing. Therefore, we have written a special article which shows the differences between the two. Click here to read the article!

Is growth hacking only for startups?

No! While growth hacking was originally used to promote start-ups, this methodology can now be useful not only for startups but also for corporations or SMEs. In most cases, the diverse ways of using growth hacking are very beneficial.

What makes a growth hacker?

The way a growth hacker works is always geared towards growth, and this person constantly asks themselves the question: “How can maximum growth be achieved?”. The growth hacker has the mindset to work across departments and make the right decisions. At best, a growth hacker should have a T-shaped profile (the advantages of specialist and generalist combined), which means having a general knowledge in many areas and specializing in at least one or more categories.

Growth hacking sounds like good practice for my company. How can I train my employees and colleagues in this area?

Lean & Sharp offers a wide range of different services, including personalized workshops. Contact us at marketing@lean-sharp.ch for further information!