Switzerland isn't in the EU but its firms that deal with the European bloc will be hit by forthcoming data protection rules, so this report contains a warning about getting in shape in time.

Swiss firms are less prepared than their European counterparts for the sweeping EU data protection legislation taking effect from late May, even though even non-EU states such as the Alpine country will be affected by it, new figures show.

An EY study of 745 executives from 10 countries – including Switzerland – showed that only 40 per cent of Swiss businesses have a place for the GDPR set of rules taking effect from 25 May. Even so, 78 per cent of firms said they are increasingly concerned about complying with data privacy rules.

The introduction of new data protection rules, which if breached could see firms fined at up to 4 per cent of annual turnover in certain conditions, has become one of the top compliance challenges for the wealth management sector, affecting any firms with exposure to the EU. (This publication is holding a GDPR breakfast briefing in Zurich on 7 March and has recently held a conference on the topic in London.) The introduction of the GDPR will mean that firms will have to adhere to more stringent practices, ensuring that data is better stored with adequate checks and processes in place to protect it. The reform package will punish miscreants and have already sparked debate on whether the industry can adapt efficiently.

EY said the percentage of Swiss firms saying they are ready for EU legislation compares with the average finding of 60 per cent among European executives.

“The pace of regulatory change continues to accelerate and the introduction of data protection and data privacy laws, such as GDPR, are major compliance challenges for global organisations,” Michael Faske, EY Switzerland fraud investigation and dispute Services leader, said.  

In Switzerland, the adoption rates of many technologies are generally lower than the global averages. Specifically, Swiss companies lag behind in the field of artificial intelligence (21 per cent) compared with the global average (38 per cent), EY said in its report. 

Forensic data analytics
The survey also showed that Swiss companies have “significantly” developed beyond relying on the basic forensic data analytics (FDA) tools to manage legal, compliance and fraud risks. Additionally, 36 per cent of firms said they are likely to adopt robotic process automation within the next 12 months, followed by artificial intelligence at 21 per cent. 

Surprisingly, the survey further revealed that in Switzerland, only 8 per cent of respondents (compared to 13 per cent globally) said they use FDA so they can comply with data protection rules. Fewer than a third (29 per cent) of respondents said they examine exactly which FDA tools they would use to help obey new rules.