Switzerland - Federal Act on Data Protection

​

The Swiss Federal Act on Data Protection (FADP) originally dates back to June 19, 1992. It applies to data processing activities carried out by businesses, organizations, federal authorities, and natural persons that process data in the context of business activities.

The FADP has undergone a thorough overhaul to account for technical and legislative changes, especially to bring it in line with the requirements of the GDPR, which are crucial for enterprises that share personal data with organizations in the EU.

​

On September 25, 2020, the Swiss parliament officially approved the new FADP. The Swiss Federal Council will soon determine the new FADP's effective date. The revisions to the new FADP bring its provisions closer to those of the GDPR, expand procedural standards, and improve individual rights. The revised FADP is expected to come into effect in 2023.

​

Even though the Swiss Federal Constitution's Article 13 guarantees the right to privacy, a dedicated data protection law (Federal Act on Data Protection) introduces several rules that safeguard the personal information of data subjects.

for enterprises that share personal data with organizations in the EU.

​

Penalties can be administrative, criminal, and personal.

​

Appointing a DPO is not mandatory for businesses and organizations under the FADP or the Revised FADP. However, the Revised FADP incentivizes the appointment of a DPO, i.e. a 'data protection advisor' (cf. above, regarding DPIAs and prior consultations). In practice, it may also be advisable to appoint a DPO voluntarily, as compliance with documentation and notification obligations and responding to data subjects' requests under the Revised FADP requires businesses, in practice, to establish an internal data protection function.

​

If you need help in becoming and staying compliant with the FADP, please contact us!