Contact us

New data protection law becomes effective 1 September 2023

New data protection law becomes effective 1 September 2023

The totally revised Data Protection Act will come into force on 1 September 2023. It will ensure better protection of personal data in the future and data protection will be adapted to technological developments.

The most important changes for businesses are:

– In future, only the data of natural persons will be affected; that of legal persons will no longer be considered.
– Genetic and biometric data are included in the definition of data requiring special protection.
– The principles of “Privacy by Design” and “Privacy by Default” are introduced.
– Impact assessments must be carried out if there is a high risk to the personality or fundamental rights of the data subjects.
– The duty to inform is extended: The data subject must be informed in advance whenever personal data is obtained – and no longer only of so-called particularly sensitive data.
– A register of processing activities is mandatory. However, the Ordinance to the Act provides for an exception for SMEs whose data processing involves only a low risk of violations of the personality of data subjects.
– Rapid notification is required if data security has been breached. It must be addressed to the Federal Data Protection and Information Commissioner (FDPIC).
– The term profiling (the automated processing of personal data) has been included in the law.

Detailed information can be found on the website of the Federal Data Protection Commissioner: bit.ly/3EtGBC0