One year EU data protection basic regulation: First experiences and outlook

This year's Lucerne Law & IT Summit (LITS) on 28 May was dominated by the new EU Data Protection Basic Regulation (DSGVO). The first practical experience reports one year after the DSGVO became applicable were the focus of the presentations.

The LITS takes place annually in Lucerne and brings together lawyers and IT experts to discuss current developments, opportunities and risks at the interface of law and IT. This year's edition started with lawyer Lukas Bühlmann, Partner and Head of Digital, Data Privacy & E-Commerce at Meyerlustenberger Lachenal. He reported on the effects of the DSGVO on companies and found that most Swiss companies and those operating in Switzerland are clearly affected by the new regulation.

Data protection becomes a compliance issue

A large number of companies would now be sensitised to the issue and would only be able to recognise the value of their database and make corresponding changes to their corporate structure. It is essential for future business activities to implement processes that implement the rights of users and guarantee a high level of transparency in the handling of data. However, Lukas Bühlmann also stressed that companies still need clarification in various areas. Many fears, however, turned out to be unfounded, at least for the time being - for example, the massive disposition of horrendous fines has so far failed to materialise.

Many things are unclear or cannot be implemented

Jutta Sonja Oberlin, Cyber Security & Privacy Manager at PricewaterhouseCoopers, picked up this thread again in her presentation. She described that the DSGVO shows facets ranging from unclear and insufficiently defined legal requirements to implementation measures that cannot be implemented. Accordingly, consulting enquiries dealing only with the DSGVO had become more frequent. Particularly in connection with marketing, the questions and problems are manifold. However, it was necessary to wait for further developments, as most companies were still busy with implementation. Ms Oberlin painted the 'big picture' of the regional implementation of the DSGVO and was able to report in particular on her extensive dealings with various national data protection authorities.

Anchoring data protection in corporate culture

After a coffee break, Dr. Nicolas Passadelis, Head of Data Governance and internal data protection officer at Swisscom, and Dr. Roland Staubli, Senior Advisor at Swisscom, reported on their concrete experience in implementing the DSGVO. They thus demonstrated what implementation of the DSGVO could look like within a Swiss company that provides a wide range of communication and data processing services in Switzerland and abroad. They stressed the importance of establishing resource-saving structures that would enable employees to implement data protection independently in their day-to-day work. In doing so, they would take care to train the entire workforce in order to help shape the corporate culture. Only in this way can data protection be anchored in the company on a sustainable basis.

Artificial intelligence will strongly influence data protection

Most recently, futurologist Georges T. Roos gave an outlook on future developments up to 2039 and described artificial intelligence as a megatrend that will also strongly influence developments in data protection. Indeed, algorithms and artificial intelligence are already an important topic and raise the question of whether current regulations such as the DSGVO are prepared for the challenges of upcoming innovations and groundbreaking technological developments. With this question hovering in the room, Mr. Roos brought the event to an end, which ended with a cosy aperitif and exciting discussions among the 70 participants.

LITS as a joint project

The LITS series of events takes place within the framework of "Further Education" (only available in German) at the Faculty of Law of the University of Lucerne. It is a joint project of Mira Burri, lecturer at the University of Lucerne, Reto Fanger, former data protection officer of the Canton of Lucerne, lawyer and owner of ADVOKATUR FANGER and Wolfgang Sidler, business information scientist and owner of Sidler Information Security. The next issue of LITS is planned for the beginning of May 2020. Further information will be communicated in time on the website of Weiterbildung-Recht (only available in German).



Report: Rahel Schär and Mira Burri