The EU GDPR harmonises the rules on the recording and processing of personal data by companies and public authorities across the EU. Content-wise, the regulation provides, among other things, for the “right to be forgotten”, under which a person can have the data controller erase their data. With the one-stop-shop mechanism, a person can notify the data protection authorities in their member state directly of any data breaches, regardless of where the breach occurred. The regulation also provides individuals with the right to be informed about the processing of their data and sets out the requirements for contractual arrangements in relation to the processing of data by third parties and the transmitting of personal data to third countries. LLB has established corresponding rules which are applicable throughout the Group and implemented the necessary organisational and technical adjustments in a timely manner.
The completely revised Data Protection Act entered into force in Liechtenstein on 1 January 2019. The complete revision of the Swiss Data Protection Act is still in progress. It is to be largely, but not fully, harmonised with EU rules. It is expected to come into force in 2021 (www.llb.li/en/legal-notes/privacy).