On June 28, 2022, Kompetenzzentrum Records Management AG (krm) and Karakun AG (karakun) presented their joint “K2 PID Cockpit” for tracking down personal data in internal systems in Zurich. However, the event kicked off with an exciting look at data protection law in other European countries for practitioners: Dipl.-Kfm. Martin Fischer from Consulting Fischer in Speyer spoke on the topic of “Where do regulators in the EU space strike since the GDPR came into force?”. In his presentation, he drew a heterogeneous picture of the sanctioning practice of data protection authorities in the EU area, with regard to the level of sanctions, prioritization according to the type of violations, focus on different groups of legal subjects, etc. The presentation was followed by a discussion of the current situation in the EU. However, this should by no means lead to the assumption that one could still hope somewhere today that the GDPR would remain a dead letter. Rather, according to Mr. Fischer, all companies would do well to be aware of their own (non-)subordination to the DGSVO and, if necessary, to ensure the corresponding governance measures or to feed the “petty cash” for the payment of potential fines to the necessary extent. Due to the impact principle anchored in the GDPR, this advice also applies to Swiss companies: According to Mr. Fischer, no Swiss company has been fined for a breach of the GDPR since its entry into force; however, this will certainly happen sooner or later.

This prelude put the main topic of the approximately two-hour event against a completely different background. The K2 PID Cockpit now presented could be a key element in establishing data protection governance, especially in the areas of information requests and deletion. The very powerful tool was presented by Dr. Bruno Wildhaber (krm) and by Dr. Holger Keibel (karakun), not only explaining abstracts but also presenting an impressive case study. What seemed remarkable to me in particular was the almost unlimited number of different source systems that can be included here. Depending on the constellation, the ability of this newly developed system to break down data by type within seconds (employment contract, curriculum vitae, etc.) and – closely related to this in terms of content – even to display the situation of impending legal disputes within a useful period of time could prove to be a saving “carabiner”. Before acquiring the PID Cockpit, the only thing that should be analyzed soberly on the basis of a risk-based analysis is whether it can/must also be used to a qualitative and quantitative extent within the company. However, this is only a spurious limitation of the lasting impression that this software solution seems to have made on the audience present overall.

Inspired by these input presentations, an interesting professional exchange between all participants followed during the aperitif.

by Dr. Philipp Dannacher, lawyer in Swissmedic’s Legal Service Medicinal Products