The new Swiss data protection law is not a direct adoption of the GDPR. Switzerland continues to have its own law. Nevertheless, the nFADP has expanded both the obligations of companies and the rights of data subjects. For example, information obligations have been expanded, records of processing activities have been introduced for companies above a certain size, and the reporting of data protection violations has been made mandatory in some cases.
Personal advice from experienced CH and DE legal advisors who are always up to date with the latest developments.
We regularly assist start-ups as well as established technology companies in implementing their data protection obligations. Where necessary, we tailor our services to each company and use established standards where possible.
Whether a quick check of the website, a comprehensive assessment of data protection compliance in the company or an individual workshop – we offer the right package at a comprehensive price.
Data protection not only concerns the website, but also, for example, the HR department, marketing or the self-developed app. With the Assessment Package you know which points to consider and what to do.Learn more
We offer tailor-made workshops and trainings around the topic of data protection, for example for employees, management or founders and entrepreneurs.
Our Data Protection Expert Service is available at any time to help you implement the open points and support you with day-to-day data protection issues, so that you can focus on your business.Learn more
We regularly offer free webinars on the topic of data protection.Current webinars
On the one hand, the new law was a request from the business community. On the other hand, the revision was necessary to keep up with technological developments. In addition, the new provisions ensure compatibility with European law and are important so that the EU continues to recognise Switzerland as a state with an adequate level of data protection. This will keep the cross-border exchange of data in the future without additional restrictions or requirements.
The Federal Council decided in August 2022 that the new law will enter into force on 1 September 2023 and will apply from that date. With the transition period of one year until 1 September, companies have been given the time to make the necessary arrangements for implementation.
In the nFADP, the existing sanctions will be expanded and the maximum fine for violations will be increased from CHF 10,000 to CHF 250,000. However, prosecution and assessment remain the responsibility of the cantons. The penalties will continue to affect natural persons, but in the case of violations of data protection provisions that only affect companies, it is precisely not simple employees but the management that will be held responsible. This means that in principal, the members of an executive body, the management and persons who are actually in charge are primarily responsible.
With the nFADP, a data protection impact assessment must be carried out whenever a data processing is planned that is likely to entail a high risk for the rights of data subjects. This is the case, for example, if the extensive processing of personal data requiring special protection (e.g. health data) is planned. The data protection impact assessment must describe the planned processing, assess the risks and identify measures to protect the individuals. If the result is that there is still a high risk, an opinion must be obtained from the FDPIC.
We’re a growing team of 25+ legal professionals. Some of our experts include:
Christian is an entrepreneur and lawyer with a focus on the intersection between technology and law. He regularly speaks, publishes and advises on blockchain-related topics and is specialized in financial market regulation.
Christian Meisser, CEO & Legal Expert
Sebastian advises on the comprehensive implementation of national and international data protection regulations as well as on the implementation of future regulations in the digital field. He is particularly interested in international data transfers and new technologies such as AI.
Sebastian Schneider, Head of Privacy & Digital Regulation, Legal Expert
(1) Select a timeslot
(2) Enter your details and choose a contact method
(3) Get a calendar invite with all details and we’ll be in touch