nLPD: Swiss federal law on data protection
Introduction to legislation
The increasing process of digitization of enterprises leads to an increase in the volume of data collected by each company, although not always consciously.
At the same time, cyber risks and disasters, personal data theft, cases of ransomware extortion and data theft have increased exponentially.
With the revision of the General Data Protection Act (nLPD), important provisions on the processing of personal data have changed since 2023.
Companies will in future have to comply with stricter rules and amend their existing directives and data protection statements.
Key points of nLPD revision
Field of application
nLPD is limited to the protection of personal data.
Impact assessment on data protection
Companies are required to carry out a data protection impact assessment.
Genetic and biometric data are now also considered worthy of particular protection.
Data security breaches should be notified as quickly as possible.
Companies are required to keep a record of processing activities containing the required information.
Privacy by design and privacy by default
It obliges companies to take into account the general principles of data processing.
How SGBox support the Compliance nLPD
SGBox allows the collection and management of data access logs, thus making it possible to monitor the operations carried out on these data.
The tool allows you to set a custom data retention policy for each type of log. It is possible to define specific retention both globally and at the single/host group level. Raw log data is collected and encrypted, digitally signed, protected, marked with date and time and compressed.
The solution can store user data in its original format to comply with government rules such as GDPR, nLPD, and more. You can store the logs inside SGBox or in an external storage with backup and restore features.