GDPR VS nLPD*
How well are your personal data protected in the digital environment?
With the adoption of regulations such as the GDPR and the nLPD, it has become crucial to understand the principles that govern the collection, processing, and management of these data. This article will guide you through these two legislative texts, their impact on businesses and users, and the key differences that distinguish them.
However, it is important to note that managing compliance in data protection can be complex. For specific situations or more technical cases, it is strongly recommended to conduct further research or consult legal experts specialised in the field.
In a nutshell
The General Data Protection Regulation and the New Data Protection Act are texts aimed at strengthening the protection of personal data by regulating their collection, processing, and use.
What they have in common
- Protection of individuals' personal data through compliance by businesses with rules regarding the collection, processing, and use of such data
- Ensuring user consent in cases of data collection
- Guaranteeing access, modification, and deletion of data for users
- Users must be informed and consent before cookies or similar tracking technologies are placed on their devices
- Privacy by Design: Data protection integrated from the design of products or services
- Privacy by Default: Maximum security level embedded by default
- Impact assessments conducted in cases of high risk to the rights and freedoms of individuals concerned
- Prompt notification to the Federal Data Protection and Transparency Officer (PFPDT) in the event of a data security breach
How they differ
What this means for businesses and organisations
Both texts ensure that businesses and organisations are held accountable for the way they manage personal data. They impose rules regarding transparency, security, and respect for privacy. Sanctions are provided for non-compliance with these rules.
What are the implications for users?
Here are some examples of situations arising from these two regulations:
Accepting Cookies: When users visit a website, a pop-up asking them to accept cookies appears. This happens because the site needs users' consent to use cookies to collect information about their browsing behaviour, such as the pages visited, language preferences, interactions with the site, etc.
Terms of Service: When registering for an online service (social networks, messaging apps, etc.), users are asked to confirm that they have read the general terms. This is where they consent to their personal data, such as their name, email address, date of birth, etc., being used by the service in question. The service provider is required to provide clear information on how this data will be used.
Online Purchases: When making an online purchase, users provide information such as their delivery address, payment details, etc. Businesses must protect this data and inform users of how it will be used (order processing, billing, etc.).
Newsletters: Users must have given their consent to receive information and communications from the company. Additionally, users must be able to unsubscribe at any time.
Location: Some services use geolocation (such as Google Maps or transport apps). However, to access users' locations, they must have given permission to be located.
Rights of access, rectification, and deletion: Users can access their information, correct it if inaccurate, and delete it if it is no longer necessary or if the initial consent is withdrawn.
In conclusion
Ensuring the protection of personal data is now a legal and ethical priority for all businesses. If you are facing the implementation of the GDPR or the nLPD, it is crucial to surround yourself with capable professionals.
We offer our expertise to help you navigate this complex environment and ensure the compliance of your activities. For specific situations or more technical cases, do not hesitate to call on our specialists to ensure a compliant and secure management of your data.
Contact us today to learn more!
Sources: https://swissprivacy.law/wp-content/uploads/2021/02/20210211-Tableau-comparatif-nLPD-et-RGPD.pdf
