GDPR – General Data Protection Regulation – entered into force on 25th May 2016 and will become directly applicable in the EU member states from 25th May 2018. The regulation affects processing of personal data and the free movement of data. In summary, GDPR:
Establishes a framework of rules related to data protection within the EU
Enlarges the territory where the EU regulations apply
Enforces new obligations
Acknowledges new rights
Imposes significant fines non-compliance
While the European Union cannot hold companies domiciled solely in Switzerland responsible, these companies’ branches based in EU countries will be affected and could be prosecuted for non-compliance.