Fides and Data Protection: It’s Part of Our Culture
In Switzerland, privacy has always been of paramount importance — so much so that the right to privacy is guaranteed as part of the Swiss Federal Constitution. Thus, data has been sacred to Fides since the company’s inception. And we take data privacy and security very seriously indeed.
The new European Union General Data Protection Regulation, commonly known as GDPR, took effect on May 25, 2018. Designed to set a uniform standard for how organizations collect, use and share personal data of EU citizens, it impacts any company that transacts with an EU citizen — regardless of where the company or citizen is located.
Key tenets of the GDPR include:
- Opt-In Consent: Obtain opt-in consent prior to collecting any personal data. This is why so many websites now have a cookie acceptance request that pops up when you first open the site page.
- Data Usage Transparency: Share information on what data is being collected, why you’re collecting it, how long you plan to keep it, and who else you may share it with. If a data breach does occur, provide full disclosure and information on how the issue is being addressed.
- Data Ownership/Right to be Forgotten: Provide methods for consumers to access their data and request their data be deleted.
Penalties for non-compliance are high. For a data breach resulting in the loss of personal data, companies can be charged as much as 4 percent of global annual turnover or €20 million — whichever amount is higher. Plus, of course, there is the potential loss of client trust, which is even more valuable and more difficult to earn back.
A History of Stringent Security Measures
As a Swiss company, Fides already practiced stringent security measures to ensure data privacy long before the new GDPR was enacted, which means compliance is easy for us.
The Swiss Federal Act on Data Protection (FADP) was passed in 1992 and has been in effect since 1993, providing robust data protection for individuals. At the end of 2020, a revised version of the Swiss Data Protection Act, E-FADP, will take effect. E-FADP is closely linked to the GDPR, and is widely recognized as providing equivalent data protection.
In addition, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
For a bank connectivity provider like Fides, that includes trans-border data flows such as payment initiation. Fides is a data processor for the data owner, which in this case is our client.
The proposed EU ePrivacy Regulation is also likely to be implemented within the next one to two years. This regulation is designed to complement the GDPR, focusing on the protection of electronic communications over public networks.
No matter what regulations may be put in place in future, Fides will be ready to implement measures to ensure compliance.
Data Protection to Meet All Requirements
Fides has dedicated compliance, risk and security governance, system security, and additional overall security measures in place, following the highest standards on both a national and an international level. Our data protection is designed to meet the requirements of any client, partner, and bank.
When the new GDPR took effect in 2018, we began classifying all of our data and assessing all our systems: where and how data is stored, who can access it, and how data-related processes and flows interact. Fides practices and follows the highest legal and governance standards. Data access is limited and privileged, with data segregation and accessibility parameters to ensure all security and regulatory requirements are met. Any new systems are designed and built with data protection regulation requirements in mind.
We provide each client with a standard data protection addendum (DPA) as part of our contract, which stipulates that we adhere to all relevant data privacy regulations.
We have always taken pride in protecting our clients’ data, and our clients’ funds. For Fides, compliance with data protection regulations is not a challenge — it’s part of our culture and the way we operate our business.