EU-GDPR

The European Union’s General Data Protection Regulation is an EU regulation on data protection that mainly applies in the EU, but also affects Switzerland (both directly and indirectly when drafting new laws).

The full text of the regulation can be accessed here:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

The GDPR first applies to the processing of personal data by a person or an organization acting in the EU, irrespective of whether there is data processing.

However, the GDPR can also apply to a person or an organization not acting in the EU (such as UZH). This is possible if the data processing is carried out in connection with

1. Offering goods or services to data subjects in the EU, irrespective of whether a payment is provided for them (e.g. an online shop that ships to the EU, or a continuing education offering that is explicitly geared to people in the EU as well);
2. Observing the conduct of data subjects, if their conduct is in the EU (e.g. a website on which the conduct of individual visitors – including people domiciled in the EU – is analyzed using Google Analytics).