The first Swiss federal legislation on data protection dates from 1992. This was the era that saw the first mobile phones arriving in Switzerland. However, Switzerland still had more land lines than mobile telephones until 2002. It seems crazy to look back on that time and realise how far technology has come today. In light of such blindingly rapid progress, it was high time for New Federal Act on Data Protection in Switzerland. This legislation will come into force on 1 September 2023.
This article discusses what this means for all of us and the impact it has on data security for your translations.
New data protection law in Switzerland – what has changed?
On 1 September 2023, a New Federal Act on Data Protection (nFADP) will be coming into effect in Switzerland. There will be no transitional period. We have already reported on this in an episode of our news articles and have summarised the most important aspects of this new law below:
- The new nFADP applies to any private individuals, businesses, and Swiss federal entities that process personal data.
- Personal data includes information like names, e-mail addresses and dates of birth.
- For the first time, genetic and biometric data is being included in the definition of data requiring particular protection.
- People must have the right to find out which data about them is being stored. They also have the right to rectify that data or have it deleted at any time.
- Anyone in breach of the new nFADP may be fined up to 250,000 Swiss francs.
What does data security for your translations mean?
Data security for translations refers to the protection of any personal and confidential information that may be contained in the materials to be translated. Alongside personal data, this includes medical records, legal documents, contracts and other confidential business documents. You should therefore be asking a translation agency not only to deliver quality but also to handle your documents securely. After all, a lot of the documents that a language service provider translates on a daily basis contain a variety of confidential information.
But what could go wrong, you may be asking? Let us take you through the translation process to show you the number of stages at which data leaks could occur:
You e-mail the documents for translation to the translation agency of your choice. A project manager examines the documents and then incorporates them into a translation project to be translated into the desired target language. There are then two options:
Scenario 1: You want a human translation done by an experienced specialised translator. In this case, your document will inevitably have to be sent to a third person, the specialised translator in question. If you work with a trustworthy translation partner like SwissGlobal, you can rest assured that this transfer will take place entirely via a 100% secure data server. Specialised translators are furthermore bound by a duty to treat your document confidentially. On request, SwissGlobal and the translator involved can also sign an additional NDA (Non-Disclosure Agreement). This guarantees that your project will be handled with the greatest possible data security – even if third persons like external specialised translators are involved.
Scenario 2: You would like a machine translation (Machine translation) with subsequent post-editing by a language expert. This is a faster and more cost-effective solution if you are under pressure of time and working with a limited budget.
In this scenario, your document is fed into translation software. This also counts as data transfer. If you carry out the machine translation yourself using a standard tool like DeepL, Google Translate, Microsoft Translator or Amazon Translate, your entire data will be released onto the internet. You will lose the confidentiality of your data, and that data will then be available on the internet for people – anyone – to find.
Because SwissGlobal is an ISO-certified translation agency, we can provide a secure solution. Although we do work with translation software, we always work via a secure connection. This means that your data is not put onto the internet: it remains on our secure server in Switzerland throughout the translation process. The same applies to the final step in the post-editing process. A human translator will check through the translation generated by machine and edit the target text until it is perfect. The completed translation is then delivered to you securely and you can rest assured that no private data will have fallen into the hands of unauthorised persons during this process either.
A secure IT partner is the sine qua non
An important aspect of having secure translations is having the right IT partner. Therefore, at SwissGlobal, we work with the ISO-certified IT provider CSF. Herbert Spettel is the CFO at CSF and gives his answers below to the major questions about the new data protection law from an IT perspective.
- What is important to know about the new data protection law from an ISO-certified IT provider’s perspective?
As an IT provider with the relevant certification, we provide support for our clients with the new DPL in the form of a contractual amendment covering order processing. This amendment sets out the respective responsibilities clearly. We offer this amendment as a pre-filled template. Our clients really appreciate it!
- What are the specific steps you need to observe or adjust from an IT point of view?
Having a catalogue of the data in all applications that might be relevant is recommended, even though this is not mandatory except for companies with 250 employees and over. It is always good to know what you have.
There are also good illustrations, such as the one below from the law firm of Ronzani Schlauri Anwälte, that give you a clear view of everything.
- Is your ISO 27001 certification of use to you as an IT provider in these changing times? If so, which advantages does certification offer with regard to the new nFADP and how will clients benefit from it?
We have clear processes for permanently developing risk assessment and risk minimisation. The standard is recognised internationally and gives clients the security that we are able to provide them with all the best professional practices to meet their needs. For regulated clients, compliance audits are considerably easier to handle with an IT partner who is ISO 27001-certified.
- Where does your responsibility as an IT partner end and when does the client’s/private individual’s responsibility begin?
As a matter of general principle, clients are responsible for their own data. If this data is processed in a third-party location, however, an ‘order processing’ contractual amendment is required. This amendment covers the respective contractual regulations. However, it should be in the interests of the data holder to disclose as little data as possible or, even better, to encrypt it. This minimises the risk across the board.
Your data is secure with SwissGlobal
We hope that you have armed yourself against the new data protection legislation in Switzerland. We at SwissGlobal have, in any event. You can rely on us for certified quality and optimum security in your translations.
Please do not skimp on the price you pay for translations: your confidential information deserves to be protected at all times. This will help you avoid data leaks, identity theft and harm to your reputation, which you will not be able to restore afterwards.
Are you looking to find out whether your current translations are secure, or would you like a no-obligation quote from SwissGlobal? Then you have come to the right place. SwissGlobal is Switzerland’s most secure translation company.