The Swiss-US Privacy Shield Regime, which was denied recognition by the Federal Data Protection and Information Commissioner (FDPIC) on September 8, 2020, serves as the basis for adequate data protection for data disclosures from Switzerland and the USA. The Privacy Shield Regime does not provide an adequate level of protection according to the Federal Data Protection Act (FADP). In doing so, the FDPIC is following the decision of the European Court of Justice, which declared the Privacy Shield agreement between the USA and the EU to be invalid.
Swiss companies must now check whether they process data in the USA. If this is the case, the legal basis must be observed, as processing data based on the Privacy Shield is no longer permitted. A data export to the USA is no longer secured. The basis for data processing on servers in the USA no longer applies, which offers processing on servers in Switzerland.
Nothing changes for Swiss Business Cloud customers. They benefit from the fact that their data is only processed in Switzerland. The geo-redundant data centers in Zurich and Bern are Tier IV equivalent, which guarantees 99.99% availability. They feature, among other things, redundant air conditioning, fire and smoke alarm systems, an uninterruptible power supply, permanent video surveillance and biometric access control. In addition, customers, suppliers and partners benefit from another international quality standard regarding the processing of data through the ISO 27001, 27017 and 27018 certifications.
If you would like to minimize the risk for your company and check the next steps, one of our experts is at your disposal.