For several years now, there has been a tendency to adopt open space offices, in other words a workspace in which the offices are not separated by partitions. The idea is to make communication within the company more fluid while at the same time bringing staff closer together.
Is a layout of that kind in a company which processes personal data compatible with data protection, in particular with the Swiss Federal Data Protection Act (LPD) and the EU General Data Protection Regulation (GDPR)?
That Regulation may in fact even apply to Swiss companies (on this matter, see: https://wg-avocats.ch/blog/donnees-personnelles).
Our analysis shows that an open space office layout is not incompatible with data protection, despite the possible first impression. A layout of that kind is not prohibited per se, but the cardinal principles of data protection must be respected. In particular, the principle of proportionality which is enshrined in Art. 4 LPD and Art. 5 GDPR.
In practice, this means that the company concerned must take a number of technical and organisational measures to protect the personal data that it processes, in relation both to third parties and to its own employees.
For that purpose, it must determine in the first place which particular data are processed, their character (sensitive personal data etc.) and the departments/employees who or which must have access to them to achieve the purpose for which processing is effected.
The following measures can be quoted as examples:
The penalties that may be imposed in the event of failure to comply with the applicable legal stipulations are by no means negligible, since they may amount to as much as CHF 10,000 under the present LPD (Art. 34 et seq LPD) (on this subject see: https://wg-avocats.ch/blog/revision-loi-federal-protection-donnees/) and, if the GDPR applies, up to EUR
Do you have questions about his topic?