What measures are needed?
Ensure that the personal data is secured with appropriate technical and organizational measures. In this regard, the law does not prescribe which measures are right or wrong. Instead, each individual case must be reviewed regarding how high the risk of a violation is to then determine what the right measures are. The minimum requirements for data security are governed in the ordinance on the revised Data Protection Act.
What are suitable technical or organizational measures?
A lot is considered suitable. The ordinance, for example, includes access and entry restrictions. Measures ranging from data encoding and monitoring to the installation of an alarm system are also feasible. However, regular training, instructions, or the careful selection of the data processor are all appropriate measures to increase data security.
What sanctions are there in the case of a violation?
An intentional violation of these requirements can be sanctioned with a fine of up to CHF 250,000. This underscores how important this point is.