Data protection

Swisscom attaches great im­por­tance to the legally compliant and re­spon­si­ble processing of personal data. For this reason, in the year under review we further expanded the mea­sures for the protection of personal data and introduced a framework to ensure data ethics.

Data protection within our company is controlled and mon­i­tored by a central data governance unit, which works closely with all the relevant divisions and other staff units. In order to ensure adequate data governance, the re­spon­si­ble unit issued several directives and in­for­ma­tion sheets in the year under review. In addition, employees with a data governance role at Swisscom and at Group com­pa­nies received in-depth job-specific training. The awareness of the rest of the workforce with regard to data protection and confidentiality was further raised by means of ap­pro­pri­ate learning content. What is more, we significantly expanded the testing of systems and ap­pli­ca­tions for their compliance with legal data protection and confidentiality re­quire­ments. Further progress was also made with the de­vel­op­ment of technical tools to support data governance.

Swisscom began implementing the new Federal Act on Data Protection (FADP) in the year under review. The FADP regulates the handling of personal data and had been undergoing revision since 2016. The revised version was adopted by the Federal Assembly in the autumn 2020 session. It is not yet known when it will come into force. Swisscom predicts the new FADP will come into force in 2022.

To ensure data ethics, a newly created, diversely composed Data Ethics Board has reviewed various cases to ensure that they comply with Swisscom’s ethical principles. The data ethics framework has proven itself and will be con­tin­ued.