26. February 2018
When can personnel data be transmitted/saved abroad?
This question arises when a company wants to save its personal data abroad or wants to use a cloud service that is hosted abroad. These are cases in which the company employs a data processor or, to use the new terminology, is the controller of a processor. Such cases are regulated by Article 10a of the Swiss Data-Protection Act (Datenschutzgesetz or DSG; current version, before revision). The involvement of a processor is permissible, provided it is ensured by means of an agreement that the third party may only process data as the client or controller is allowed to. In addition, the client must ensure that the processor guarantees data security in accordance with Article 7 of the DSG. This can be done by the ...