Switzerland

Summary

Law: Federal Act on Data Protection 2020 ('FADP') (only available in German here, in French here, and in Italian here)

Regulator: Federal Data Protection and Information Commissioner ('FDPIC')

Summary: The revised version of the FADP was adopted on September 25, 2020 and broadly seeks alignment with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). The FADP entered into force on 1 September 2023, which constituted a one-year transition period for organisations to ensure compliance.

Further to the above, the revised version of the Ordinance on the Federal Act on Data Protection (available in French here, in German here, and in Italian here) ('FODP') puts certain aspects of the revised FADP into more concrete terms. For example, it sets out the specifics of data security requirements, and the modalities of data breach notices as well as of the right of access and the right to data portability.

Beyond general data protection regulation, the financial sector in Switzerland presents special interest as it is subject to different layers of regulation including data protection laws. Switzerland has also been recognised by the EU as providing adequate protection of data, and has a data transfer agreement with the US in the form of the Swiss-US Privacy Shield. However, the FDPIC recently noted that the Swiss-US Privacy Shield does not guarantee adequate protection for transfers of data to the US.

Furthermore, following the adoption of new Standard Contractual Clauses ('SCCs') for international data transfers by the European Commission in June 2021, the FDPIC announced, on 27 August 2021, that the EU's SCCs could be used for transfers under Swiss law, subject to certain necessary adaptations and amendments.

Browse more content in Switzerland

All Guidance Notes

All News

All Insights

News

18 April 2024

Switzerland: FDPIC issues enforcement notice to Digitec Galaxus for data protection violations

24 January 2024

Switzerland: FDPIC releases guide on data protection measures

10 November 2023

Switzerland: FDPIC confirms FADP requirements apply to AI-based data processing

10 October 2023

Switzerland: FDPIC concludes Oracle's data processing does not violate personality rights

08 September 2023

International: Switzerland ratifies Convention 108+

01 September 2023

Switzerland: FADP and FODP enter into force

31 August 2023

Switzerland: FDPIC releases factsheet on procedure for preparing a DPIA

19 July 2023

Switzerland: FDPIC releases factsheet on investigations of data protection violations

14 July 2023

Switzerland: FDPIC launches new reporting portal for DPOs

29 June 2023

Switzerland: FDPIC releases 30th annual report for 2022/2023

23 June 2023

Switzerland: FDPIC investigates Fedpol and FOCBS concerning potential serious violations of data protection regulations

15 May 2023

Switzerland: FDPIC launches updated website and data breach portal

Insights

September 2023

Switzerland: Data protection in the financial sector

Switzerland's strong reputation for financial services can be traced back to the early eighteenth century, with Switzerland being a forerunner in liberalizing and facilitating international trade, upon which its economy heavily depends. This has led the country to be widely known for its confidentiality, discretion, and data protection, ensuring that clients' bank accounts remain private and secure.

In this Insight article, Paul Lanois, Director at the European law firm Fieldfisher in the US^[1], provides an overview of the relevant legal provisions, as well as some recent developments applicable to the financial sector in Switzerland.

January 2023

Switzerland: Entry into force of the revised FADP in September 2023 - what you need to know

For several years, the Federal Act on Data Protection 1992 ('FADP') and the Ordinance to the Federal Act on Data Protection ('the Ordinance') have been under revision. On 25 September 2020, the Federal Parliament eventually adopted the revised Federal Act on Data Protection 1992 ('the Revised FADP'). However, uncertainties remained since the content of the Ordinance was for a long time unclear. Finally, on 31 August 2022, the Federal Council adopted the text of the revised ordinance ('the Revised Ordinance') and informed that the Revised FADP and the Revised Ordinance will enter into force on 1 September 2023¹.

Johanna Moesch, Associate at Baker & McKenzie Zurich, covers the changes introduced by the Revised FADP and the Revised Ordinance, as well as similarities and differences with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

December 2022

International: Overview of the EU-US and Swiss-US Privacy Shield Frameworks

September 2022

Switzerland: Overview of Vendor Privacy Contracts

July 2022

Switzerland: Data Protection in the Automotive Sector

March 2021

Switzerland: FDPIC's guidance on complying with revised FADP

The Federal Data Protection and Information Commissioner ('FDPIC') published, on 5 March 2021, a guide¹ ('the Guide') on the revised Federal Act on Data Protection 1992 ('the Revised FADP') which was adopted on 25 September 2020² and is set to replace the FADP that is currently in force³. The referendum period, which provided voters with an opportunity to express their views on the Revised FADP⁴, ended on 14 January 2021 without the referendum right being used.

Switzerland

Summary

Browse more content in Switzerland

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us