The new Swiss Data Protection Law: Get ready!

We help you to assess the impacts on your business and take the steps towards compliance with the new Swiss Data Protection Act (nFADP) coming into force on September 1st, 2023.

Book a free call

What is in store for me?

The new Swiss data protection law is not a direct adoption of the GDPR. Switzerland continues to have its own law. Nevertheless, the nFADP has expanded both the obligations of companies and the rights of data subjects. For example, information obligations have been expanded, records of processing activities have been introduced for companies above a certain size, and the reporting of data protection violations has been made mandatory in some cases.

Benefits of our LEXR data protection expertise

Advice & Best Practices

Personal advice from experienced CH and DE legal advisors who are always up to date with the latest developments.

Extensive experience

We regularly assist start-ups as well as established technology companies in implementing their data protection obligations. Where necessary, we tailor our services to each company and use established standards where possible.

Efficient & price-transparent implementation

Whether a quick check of the website, a comprehensive assessment of data protection compliance in the company or an individual workshop – we offer the right package at a comprehensive price.

Book a free call

Our offers on the new Swiss data protection law:

Website Privacy Compliance

The first impression counts. The website is the company’s business card and with our flat-fee package of CHF 550 you can make sure that the privacy policy, the cookie policy and the imprint comply with the legal requirements.

Learn more

Assessment Package

Data protection not only concerns the website, but also, for example, the HR department, marketing or the self-developed app. With the Assessment Package you know which points to consider and what to do.

Learn more

Workshops and Training

We offer tailor-made workshops and trainings around the topic of data protection, for example for employees, management or founders and entrepreneurs.

Data Protection Expert

Our Data Protection Expert Service is available at any time to help you implement the open points and support you with day-to-day data protection issues, so that you can focus on your business.

Learn more

Webinars

We regularly offer free webinars on the topic of data protection.

Current webinars

FAQ

Why is there a new data protection law in Switzerland?

On the one hand, the new law was a request from the business community. On the other hand, the revision was necessary to keep up with technological developments. In addition, the new provisions ensure compatibility with European law and are important so that the EU continues to recognise Switzerland as a state with an adequate level of data protection. This will keep the cross-border exchange of data in the future without additional restrictions or requirements.
When does the new law come into force? By when do I have to implement it?

The Federal Council decided in August 2022 that the new law will enter into force on 1 September 2023 and will apply from that date. With the transition period of one year until 1 September, companies have been given the time to make the necessary arrangements for implementation.
Will sanctions be tightened?

In the nFADP, the existing sanctions will be expanded and the maximum fine for violations will be increased from CHF 10,000 to CHF 250,000. However, prosecution and assessment remain the responsibility of the cantons. The penalties will continue to affect natural persons, but in the case of violations of data protection provisions that only affect companies, it is precisely not simple employees but the management that will be held responsible. This means that in principal, the members of an executive body, the management and persons who are actually in charge are primarily responsible.
What is a data protection impact assessment?

With the nFADP, a data protection impact assessment must be carried out whenever a data processing is planned that is likely to entail a high risk for the rights of data subjects. This is the case, for example, if the extensive processing of personal data requiring special protection (e.g. health data) is planned. The data protection impact assessment must describe the planned processing, assess the risks and identify measures to protect the individuals. If the result is that there is still a high risk, an opinion must be obtained from the FDPIC.

About us

We’re a growing team of 30+ legal professionals. Some of our experts include:

1

Sebastian advises on the comprehensive implementation of national and international data protection regulations as well as on the implementation of future regulations in the digital field. He is particularly interested in international data transfers and new technologies such as AI.

Sebastian Schneider, Head of Privacy & Digital Regulation, Legal Expert
2

Christian is an entrepreneur and lawyer with a focus on the intersection between technology and law. He regularly speaks, publishes, and advises on blockchain-related topics and is specialized in financial market regulation.

Christian Meisser, CEO & Legal Expert
3

Julia is an expert in data protection law and advises companies on all aspects of implementing existing and future regulations in the digital sector as well as on labor law issues.

Julia Peidli, Senior Legal Counsel
4

Yoann’s focus is on advising clients on HR issues. He also assists with corporate and IP matters, as well as contractual and data protection issues.

Yoann Garraux, Legal Counsel