The Federal Office of Justice announced on 3 March 2022 that the revised Data Protection Act will not enter into force until September 1st 2023. The Federal Council’s formal decision will be made later this year.
The revised Federal Data Protection Act (revDSG, SR 235.1) is not due to come into force until September 1st 2023, although it was originally planned to come into force in mid-2022. Even if various voices of disappointment are now being raised, there is also something positive to be gained from the delay.
One reason for the delay could be the fact that the draft of the revised ordinance was heavily criticised in the consultation process and that there is still a great need for improvement. There is also the possibility that the chapter on data security in the ordinance will now be regulated more specifically than in the draft, which will lead to increased effort for implementation and technical realisation. It is now a matter of paying attention to what the regulation will bring.
Another reason could be that the revised Data Protection Act does not provide for a statutory transition period. However, such a transition period has been demanded by some in the business community. However, the later entry into force can create an informal transition period, which gives companies a little more time to adopt the changes and requirements of the revDSG. Due to the economic situation and the Ukraine conflict, many companies are likely to be grateful for such a period.
Companies should also make good use of this informal transition period until 1 September 2023. After all, experience with the GDPR clearly showed that before it came into force, there were no longer enough experts available to make the adjustments in a timely and appropriate manner. A survey by the digital association Bitkom also shows that even one and a half years after the GDPR came into force, only 25 percent of the companies had fully implemented the GDPR. 97 percent of the companies surveyed confirmed the high effort involved.
In particular, data cataloguing and contract management were very time-consuming. This picture is also likely to emerge in Switzerland. In particular, companies that have not yet had to apply the provisions of the GDPR are likely to face greater and more time-consuming adjustments. We at HÄRTING Rechtsanwälte AG therefore advise companies to carry out the necessary restructuring and implementation at an early stage.