Skip to content

Data security, data protection (nDSG)

Data secu­ri­ty and data pro­tec­tion are play­ing an increas­ing­ly impor­tant role. A cyber attack or data breach usu­al­ly has seri­ous consequences.

It is there­fore more impor­tant than ever to pro­tect, back up and store data secure­ly. On 1 Sep­tem­ber 2023 the new Swiss Data Pro­tec­tion Act (nDSG) came into force, which also result­ed in adjust­ments to data stor­age. Bro­ker­Star and Bro­ker­Web are pre­pared for this.

Data secu­ri­ty deals with the gen­er­al pro­tec­tion of data and doc­u­ments. Thus, secu­ri­ty in any form falls under the term data secu­ri­ty, as does per­son­al data. The Data pro­tec­tion on the oth­er hand, relates exclu­sive­ly to the stor­age and use of per­son­al data, at least as far as the legal pro­vi­sions are concerned.

Data secu­ri­ty and data pro­tec­tion there­fore pur­sue the goal of secur­ing data of all kinds against threats, manip­u­la­tion, unau­tho­rised access or knowl­edge. Ana­logue and dig­i­tal mea­sures can be tak­en to achieve this. First of all, there are tech­ni­cal and organ­i­sa­tion­al mea­sures, which are also used in the con­text of data protection.

In the dig­i­tal sec­tor, the imple­men­ta­tion of IT secu­ri­ty solu­tions in the form of virus scan­ners, fire­walls etc. con­tributes to the secu­ri­ty of data. Phys­i­cal mea­sures, on the oth­er hand, include access con­trols, fire­proof fil­ing cab­i­nets or safes for sen­si­tive and con­fi­den­tial doc­u­ments. Data back­ups, such as the cre­ation of back­up copies on a sep­a­rate stor­age medi­um, are also essen­tial. A sol­id net­work infra­struc­ture and reg­u­lar updates are the basic pre­req­ui­sites for achiev­ing data secu­ri­ty goals. Data pro­tec­tion, on the oth­er hand, is essen­tial­ly about how per­son­al data is used and stored.

It is there­fore impor­tant to take organ­i­sa­tion­al and per­son­nel pol­i­cy pre­cau­tions to ensure a high stan­dard of secu­ri­ty with­in the com­pa­ny. Employ­ee train­ing and fur­ther edu­ca­tion, as well as the deploy­ment of spe­cial­ists such as IT secu­ri­ty offi­cers and data pro­tec­tion offi­cers, con­tribute to data secu­ri­ty and are some­times manda­to­ry for com­pli­ance rea­sons. IT secu­ri­ty and data pro­tec­tion offi­cers are ded­i­cat­ed to analysing poten­tial secu­ri­ty gaps in your com­pa­ny and cre­at­ing appro­pri­ate mea­sures to achieve the data secu­ri­ty objective.

The terms are there­fore not only close­ly linked, but also influ­ence each oth­er. For exam­ple, com­plete data secu­ri­ty can­not be achieved with­out data pro­tec­tion mea­sures, as oth­er­wise per­son­al data may not be ade­quate­ly pro­tect­ed. On the oth­er hand, com­pre­hen­sive data secu­ri­ty mea­sures are a pre­req­ui­site for effec­tive data pro­tec­tion in accor­dance with legal require­ments and best practice.

The fol­low­ing aspects of the new Data Pro­tec­tion Act are important:

  • Keep track of exact­ly what data is being processed and for what pur­pose. You can pro­vide infor­ma­tion about this at any time and avoid unpleas­ant surprises.
  • Crit­i­cal­ly review the col­lec­tion of per­son­al data. What is effec­tive­ly nec­es­sary for you?
  • Reduce the query cri­te­ria for your cus­tomers to a minimum.
  • Restrict inter­nal data access in the com­pa­ny to as few peo­ple as possible.
  • Check your pri­va­cy pol­i­cy in detail and amend it if necessary.
  • Check and improve the tech­ni­cal default set­tings and user-friendliness.
  • Train your employ­ees to sen­si­tise them to the impor­tance of the topic.

Details on the new data pro­tec­tion law can be found here  and on the offi­cial site of the fed­er­al government

Sources, Profi Engi­neer­ing, 2021, SME dig­i­tal­i­sa­tion 2022, Data pro­tec­tion part­ner 2022, www.admin.ch

Tem­plates and doc­u­ments   (Sources: SIBA, IG B2B, WMC)

Data processing 

Word template 

Portal utilisation 

Word template 

Secure Mail 

PDF document 

IG B2B nDSG 

Presentation