nFADP / DSG and Privacy by Design
The revised Swiss Federal Act on Data Protection (nDSG / nFADP) aligns with the European GDPR and significantly tightens obligations for organisations handling personal data.
Core concept
Introduction of substantial personal fines for violations, a duty to notify the FDPIC of a data security breach only where the breach is likely to result in a high risk to the personality or fundamental rights of the data subjects (Art. 24 FADP), and the principle of privacy by design / by default. Individuals have a right of access (Art. 25 FADP); Swiss law does not provide a blanket right to erasure equivalent to the GDPR, deletion or destruction can be pursued through civil-law claims under Art. 32 FADP.
Relevance
- Data Mapping: Documentation of processing activities (records of processing activities). The duty under Art. 12 FADP is subject to exemptions, notably for enterprises with fewer than 250 employees and no high-risk processing.
- Technical Deletion Concepts: Automated enforcement of retention periods in databases.
- Sovereign Hosting: Preference for Swiss data centres for particularly sensitive data.
Related topics
- Technology: Compliance, the control frame for nFADP / DSG and Privacy by Design.
- Innovation: Privacy, the privacy context for nFADP / DSG and Privacy by Design.
- Standards, the standards section that frames nFADP / DSG and Privacy by Design.
Ask AI
These links open external AI services, the conversation and its content are sent to their providers.