In Switzerland, privacy has always been of paramount importance — so much so that the right to privacy is guaranteed as part of the Swiss Federal Constitution. Thus, data has been sacred to Fides since the company’s inception. And we take data privacy and security very seriously indeed.
The new European Union General Data Protection Regulation, commonly known as GDPR, took effect on May 25, 2018. Designed to set a uniform standard for how organizations collect, use and share personal data of EU citizens, it impacts any company that transacts with an EU citizen — regardless of where the company or citizen is located.
Key tenets of the GDPR include:
- Opt-In Consent: Obtain opt-in consent prior to collecting any personal data. This is why so many websites now show a cookie acceptance request when you first open a page on the site.
- Data Usage Transparency: Share information on what data is being collected, why you’re collecting it, how long you plan to keep it, and who else you may share it with. If a data breach does occur, provide full disclosure and information on how the issue is being addressed.
- Data Ownership/Right to be Forgotten: Provide methods for consumers to access their data and request their data be deleted.
Penalties for non-compliance are high. For a data breach resulting in the loss of personal data, companies can be fined as much as 4 percent of global annual turnover or €20 million, whichever amount is higher. Plus, of course, there is the potential loss of client trust, which is even more valuable and more difficult to earn back.