You have CHF 250,000 left over that you want to invest in a fine? Then you can stop reading now. Do you already comply in detail with the European General Data Protection Regulation (GDPR) for all your marketing activities and data? Then you can relax now too, because you've already done most of the work. If you work in a Swiss company - large or small - that hasn't taken care of data protection so far, then you should get into gear now, because on 1 September 2023 the revised Federal Act on Data Protection (FADP) will come into force.
Not only companies, but also the employees responsible for data protection should act. This is because, in contrast to its European counterpart, under the Swiss FADP it is the employee responsible who can be fined and not just the company.
As with all new regulations, there is a great deal of uncertainty at first. Especially since legal formulations first have to be translated into practice. At Demodia, we have set ourselves the goal of ensuring that your marketing activities function smoothly even with the new regulations.
FADP and GDPR - what is the difference for marketers?
First of all, the big difference with the European version (GDPR) when it comes to email marketing: when the GDPR was introduced, companies had to obtain consent from all email addresses that had not explicitly given their consent.
This aspect is regulated differently in Switzerland. Since 2007, the law against unfair competition has stipulated that newsletters may only be sent with explicit consent.
If you do not yet require this consent on your website, we recommend that you install a form with a legal disclaimer as soon as possible. We have already developed best practice methods to ensure that you get consent easily and with the highest possible acceptance.
In email marketing, it is not enough to offer the subscriber the option of not subscribing to the newsletter. On the contrary, they must explicitly agree to receiving the newsletter and the associated data processing.
To ensure that your customers subscribe to your newsletter in large numbers, we recommend the radio button. A radio button is an element that allows only one option from several possibilities. A radio button that requires users to click either their "Yes" to the newsletter (always with a link to the data protection guidelines) or their "No" achieved an approval rate of 60% among our customers compared to the classic checkbox, which rarely exceeds 10%.
Marketing according to the FADP
If consent to newsletters in Switzerland is not regulated by the DPA, what will change in marketing with the revised version?
The DPA regulates data protection, data storage and data processing. And this is exactly where the new risks for Swiss companies arise in the revised version. As a digital marketing agency, we do not give legal advice, but we can support clients with data audits, data centralisation and the implementation of data protection regulations.
Since Swiss companies are required by the rDSG to create a directory of their data processing, it makes sense to store the data in one place if possible. Especially SMEs that work with different tools, such as a CRM, mailer service, analytics programme, etc., have to prove for each service how they process which data. Therefore, it makes sense to use a holistic tool like Hubspot to control many applications from the same tool with the same data. As an official partner of Hubspot, we have years of practical experience and know that, in addition to easier data documentation, companies also save a lot of time in business processes.
Our tips for making your company fit for the FADP:
Start with a data audit of your marketing activities and address the questions:
- How is data currently collected?
- What data is necessary and how is it used?
- Are there privacy statements for other technologies (apps, contact forms, electronic newsletters, etc.)?
- Which persons have which tasks and responsibilities in the data protection process?
Sensitive penalties for employees and for the company can be avoided. Although the Swiss FADP provides for penalties of up to CHF 250,000 against responsible persons, there is a variant that can hit the company sensitively. With a fine of no more than CHF 50,000 and a large investigation effort, the company can be fined instead of the person. This variant will probably be used often, as it consumes much fewer resources for the cantonal public prosecutor's office in the investigation if they make the company pay.
We are happy to offer you support with our best practices for marketing with the FADP. Make an appointment for a no-obligation consultation today, because every day you wait, you accumulate data that may not have been collected and processed in compliance with the law.