Switzerland has recently updated its data protection legislation with the new Federal Act on Data Protection (FADP), which came into force in September 2023. This significant step aligns Swiss data protection standards with European regulations, notably the EU’s General Data Protection Regulation (GDPR). The aim is to enhance transparency and provide individuals with greater control over their personal data. This article delves into the key aspects of this legislation, the new provisions introduced, and its implications for both citizens and businesses.

Key Changes in the Swiss Privacy Law

According to MondoPrivacy’s blog, the new law has several key points that Swiss businesses and citizens should be aware of:

  1. Enhanced Right of Access: Individuals now have a broader right to access their personal data. They can request details on how their data is processed and who is responsible for it.
  2. Increased Obligations for Companies: Businesses are now required to demonstrate greater transparency towards data subjects, clearly indicating the purpose for which data is collected and ensuring adequate protection of sensitive information.
  3. Data Protection Officer: The law mandates that companies appoint a Data Protection Officer (DPO), especially for organizations that process large amounts of data or sensitive data.
  4. Data Protection Impact Assessment: Companies must conduct a Data Protection Impact Assessment (DPIA) to evaluate the potential risks associated with the processing of personal data, particularly in contexts that could pose a high risk to the rights and freedoms of data subjects.
  5. Stiffer Penalties: With the new law, penalties for violating privacy regulations have been increased. Fines can reach up to 250,000 Swiss francs, making it crucial for companies to ensure compliance with the law.
Implications for Swiss Businesses

The adoption of the new Swiss privacy law poses a series of challenges for businesses, especially those operating internationally. Many companies will need to review their data processing policies and implement stricter measures to protect information. It is crucial for companies to ensure proper data handling to avoid penalties and maintain customer trust.

Traduce in inglese: Moreover, companies already compliant with the EU’s GDPR will have a head start, as the new Swiss FADP shares many key principles with the GDPR, including explicit consent, the right to rectification, and the right to erasure. However, each company must conduct a specific analysis of Swiss legislation to ensure full compliance.

What changes for Swiss citizens?

The new law significantly increases citizens’ rights regarding their personal data. Individuals now have more control and visibility over how their data is used. This includes not only the right of access but also the ability to object to the processing of their data and to request its erasure.

Another significant change concerns consent. Companies must now obtain explicit consent before processing personal data, especially when it comes to sensitive data. This leads to greater awareness among users about the value of their data and the rights they have.

Conclusions:

The new Data Protection Act represents a significant step for Switzerland in the field of cybersecurity and data protection. Companies are required to adapt quickly and accurately to avoid penalties and maintain user trust, while citizens benefit from greater protection and transparency.