A company accumulates data of all kinds: Nowadays, images, documents and the like are often stored in the cloud via providers such as Dropbox or Google Drive.
However, your own website, including the data collected such as orders and email newsletter registrations, must also be stored somewhere. Perhaps you also use a separate email newsletter tool or a marketing automation tool such as Aivie.
Whenever personal data is involved here and the data is stored on servers abroad, this is a data export – and this must be secured.
The easiest option is therefore to store the data in Switzerland. Countries whose own laws guarantee adequate data protection are also unproblematic (Art. 16 para. 1 FADP).
The Federal Council will develop a list of such “safe countries” for the new DPA (you can assume that this will be based on the European GDPR). You can find a current list here. When exporting data to unsafe countries, you need standard contractual clauses (SCC). (Art. 17 DSG).
