The revDPA in Switzerland: A new era of data protection & how Customer Identity & Access Management can support.

The digital landscape is constantly changing, and with it the legal regulations that affect businesses and user data. One such paradigm shift in data protection comes with the new, revised Data Protection Act (revDPA) in Switzerland. But what does this mean for companies, and how can they ensure that they act in a data protection-compliant manner?

What does the revDPA mean for companies?

The revDPA focuses on better protecting users’ data while emphasizing the responsibility of companies that work with that data. This means that from now on, companies must be more proactive in their approach to protecting personal data. It is not enough to just reactively respond to data breaches. Companies must now take preventive measures to give users data sovereignty.

What specifically do companies need to consider?

There are various aspects to consider – summarized here in 3 points:

1. transparency: companies must provide transparent and complete information about how they use their customers’ data.
2. Consent: Ensure that user consent has been obtained clearly and unambiguously. Before personal data is processed, companies must thus obtain the user’s explicit consent.
3. data security: it is essential to invest in robust security measures to protect data from breaches. Companies are required to adequately protect personal data through technically appropriate measures.

How can a CIAM help with this?

Among the aspects to be considered, a Customer Identity & Access Management (CIAM) system, such as the one provided by cidaas, can play a crucial role.
An effective CIAM can support companies with various functions to successfully overcome the challenges.

Let’s take a look at all relevant features for cidaas’ revDSG:

1. 1. comprehensive consent management: consent management, or Consent Management, ensures that user consent is properly obtained and stored – one of the main requirements of the revDPA. The versioning of documents, such as privacy policy, terms and conditions, etc. is also ensured by cidaas. For example, if the version of the privacy policy changes between two login processes of a user, cidaas detects this and automatically prompts the user to confirm the new version. Consents & approvals can be displayed transparently in the cidaas Self Service this way. In addition, the user has the chance to revise or revoke his consents at any time.

1. secure authentication: with a CIAM, companies can ensure that only an authorized person has access to certain data, minimizing the risk of data breaches. With methods such as multi-factor authentication (MFA) or passwordless and biometric login procedures, cidaas not only provides the appropriate data security, but, by combining it with user-friendly single sign-on functionality, increases user acceptance at the same time.
2. data transparencyn: a centralized CIAM system can provide companies with an overview of the data they store and help ensure that they only store the data necessary for their business.

With cidaas‘ user self-service, companies can give control of the data back to the user, ensuring that the data is up to date. Thus, companies offer users the ability to view, edit or revoke data that has already been processed or stored. Selective or complete deletion can also be supported by the cidaas self-service portal. Naturally, the accessing user knows his own personal data best and can thus manage it transparently.

Based on the experience with the European GDPR (DSGVO) since 2018, cidaas can already offer Swiss customers the functionalities required by the revised Data Protection Act (revDPA) in Switzerland. Therefore, cidaas is the ideal partner to support companies in meeting the requirements of the revDPA. The hosting of this cloud-based IAM solution takes place exclusively in German or Swiss ISO 27001 certified data centers. cidaas stands for highest standards in data protection and technology.

With its comprehensive feature set, cidaas ensures legally compliant and secure data processing in line with the new law.

Conclusion

The revised Data Protection Act (revDPA) of Switzerland is a big step towards better data protection for all citizens. However, it also requires companies to rethink and improve their data protection practices. These changes can seem overwhelming at first.

A modern Customer Identity & Access Management like cidaas, plays a crucial role in data protection compliance and supports companies to implement the requirements of the revDPA.

cidaas also offers a comprehensive feature set that not only meets the new requirements of the revDPA, but also optimizes your business processes and creates a better customer experience.

For organizations that want to continue to learn about the revDPA requirements and the benefits of a CIAM system, the cidaas and Axalon Round Table on November 17, 2023 is an excellent opportunity. There will be an in-depth discussion and presentation on the importance of digital identity in our ever-changing digital landscape.