Published: Last updated:

nFADP / DSG and Privacy by Design

The revised Swiss Federal Act on Data Protection (nDSG / nFADP) aligns with the European GDPR and significantly tightens obligations for organisations handling personal data.


Core concept

Introduction of substantial personal fines for violations, a duty to notify the FDPIC of a data security breach only where the breach is likely to result in a high risk to the personality or fundamental rights of the data subjects (Art. 24 FADP), and the principle of privacy by design / by default. Individuals have a right of access (Art. 25 FADP); Swiss law does not provide a blanket right to erasure equivalent to the GDPR, deletion or destruction can be pursued through civil-law claims under Art. 32 FADP.

Relevance

  • Data Mapping: Documentation of processing activities (records of processing activities). The duty under Art. 12 FADP is subject to exemptions, notably for enterprises with fewer than 250 employees and no high-risk processing.
  • Technical Deletion Concepts: Automated enforcement of retention periods in databases.
  • Sovereign Hosting: Preference for Swiss data centres for particularly sensitive data.

Related topics

Ask AI

These links open external AI services, the conversation and its content are sent to their providers.