Switzerland

Summary

Law: Federal Act on Data Protection 2020 (FADP) (only available in German here, in French here, and in Italian here)

Regulator: Federal Data Protection and Information Commissioner (FDPIC)

Summary: The revised version of the FADP was adopted on September 25, 2020, and broadly seeks alignment with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). The FADP entered into force on 1 September 2023, which constituted a one-year transition period for organizations to ensure compliance. Further to the above, the revised version of the Ordinance on the Federal Act on Data Protection (available in French here, in German here, and in Italian here) (FODP) puts certain aspects of the revised FADP into more concrete terms. For example, it sets out the specifics of data security requirements, and the modalities of data breach notices as well as of the right of access and the right to data portability.

The EU has also recognized Switzerland as providing adequate protection of data. With regard to data transfers to the US, the US and Switzerland concluded a new data transfer agreement, referred to as the Swiss-U.S. Data Privacy Framework (Swiss-US DPF) following the FDPIC noting that the Swiss-US Privacy Shield Framework does not guarantee adequate protection for transfers of data to the US. On August 14, 2024, the Swiss Federal Council announced that certified US companies under the new Swiss-US DPF offer an adequate level of protection, allowing for the transfer of personal data between Switzerland and certified US companies without additional guarantees. An amendment to the FODP allowing for data transfers to US organizations under the Swiss-US DPF came into effect on September 15, 2024.

Furthermore, following the adoption of new Standard Contractual Clauses (SCCs) for international data transfers by the European Commission in June 2021, the FDPIC announced, on August 27, 2021, that the EU's SCCs could be used for transfers under Swiss law, subject to certain necessary adaptations and amendments.

Insights

In this Insight article, Roland Mathys and Helen Reinhart, from Schellenberg Wittmer Ltd, explore Switzerland's breach and incident notification provisions across various sectors. Organizations in telecommunications, healthcare, financial services, and critical infrastructure must adhere to specific regulations to avoid fines and legal consequences.

Switzerland's strong reputation for financial services can be traced back to the early eighteenth century, with Switzerland being a forerunner in liberalizing and facilitating international trade, upon which its economy heavily depends. This has led the country to be widely known for its confidentiality, discretion, and data protection, ensuring that clients' bank accounts remain private and secure.

In this Insight article, Paul Lanois, Director at the European law firm Fieldfisher in the US[1], provides an overview of the relevant legal provisions, as well as some recent developments applicable to the financial sector in Switzerland.

For several years, the Federal Act on Data Protection 1992 ('FADP') and the Ordinance to the Federal Act on Data Protection ('the Ordinance') have been under revision. On 25 September 2020, the Federal Parliament eventually adopted the revised Federal Act on Data Protection 1992 ('the Revised FADP'). However, uncertainties remained, since the content of the Ordinance was unclear for a long time. Finally, on 31 August 2022, the Federal Council adopted the text of the revised ordinance ('the Revised Ordinance') and announced that the Revised FADP and the Revised Ordinance would enter into force on 1 September 2023[1].

Johanna Moesch, Associate at Baker & McKenzie Zurich, covers the changes introduced by the Revised FADP and the Revised Ordinance, as well as similarities and differences with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

The Federal Data Protection and Information Commissioner ('FDPIC') published, on 5 March 2021, a guide[1] ('the Guide') on the revised Federal Act on Data Protection 1992 ('the Revised FADP') which was adopted on 25 September 2020[2] and is set to replace the FADP that is currently in force[3]. The referendum period, which provided voters with an opportunity to express their views on the Revised FADP[4], ended on 14 January 2021 without the referendum right being used.