More and more international companies have centralized their human resources departments. As a result, Swiss subsidiaries are increasingly being required to transfer the personal data of their employees to the parent company abroad.
Numerous international companies today prefer to have a single HR department, or at least to entrust certain personnel administration activities to a central service. Several HR employees working in Swiss subsidiaries who have been confronted with this development contacted us to find out whether, and under what conditions, personal data may be transferred abroad.
When a subsidiary transfers personal data to its parent company, it is disclosing data to a third party and it is consequently bound by the data protection rules covering the cross-border transfer of personal data. Depending on where the parent company is located, various measures may need to be taken before data can be transferred from Switzerland. This is particularly relevant when data are sent to the USA - a destination that has often been the subject of the inquiries sent to us. In such cases there are three options to choose from, since the United States do not provide sufficient level of data protection. Either the company receiving the data obtains certification from the US Department of Commerce under the US-Swiss Safe Harbor Framework, or a contract must be concluded providing a sufficient level of data protection, or the data subject gives his consent. If the recipient company is located in a country which provides sufficient data protection guarantees, data may be transferred without the need for such measures. Whatever option is chosen, the principle of transparency must apply. Employees working in the Swiss subsidiary must be informed before any data concerning them is transferred abroad.