Switzerland’s Data Protection Evolution: A Comprehensive Look at the New FADP

Switzerland stands at the forefront of several nations endorsing and bolstering data protection. While the digital era has drastically transformed the way data is collected and shared, keeping it properly protected remains a priority across borders.

Switzerland’s response to this challenge? The new Federal Act on Data Protection (nFADP). This law—hailed as a vital step towards fortifying data privacy in Switzerland—carries with it the essence of European standards while integrating them with Switzerland’s unique socio-political landscape.

FADP: A Journey from 1992 to 2023

Data protection isn’t a fresh concept for the Swiss. Back in 1992, Switzerland established its first Federal Act on Data Protection (FADP). However, given the rapid technological progress, it became increasingly clear that the older act was growing somewhat antiquated.

Partial updates in 2009 and 2019 aimed to bridge some of these gaps, but a comprehensive overhaul soon became a primary concern.

It was in the Parliament’s 2020 fall session that the nFADP was ratified, with an aim to provide Swiss citizens with robust rights regarding their personal data. The alignment of nFADP with the renowned European General Data Protection Regulation (GDPR) showcases Switzerland’s commitment to maintaining seamless data flow between its territories and the European Union.

GDPR vs. FADP: A Comparative Glance

So, why does Switzerland (which is not a member of the European Economic Area, or EEA) seek alignment with GDPR?


The answer lies in the intertwined economies and the increasing digitization of cross-border businesses. Many Swiss-based companies have clientele in the EU. Thus, maintaining GDPR-compliance becomes crucial, not just for business continuity but also for safeguarding the trust of European consumers.


Yet, the nFADP isn’t a mere replica of the GDPR. While both share foundational principles, nFADP is uniquely tailored to Switzerland’s national context.


A significant difference is the enforcement mechanism. Unlike the European counterparts, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) cannot levy direct fines. Instead, regional prosecution authorities play this role for local accountability.

Nitty-Gritties of Personal Data

FABD - Nitty-Gritties of Personal Data

At the core of the nFADP is the objective to protect ‘personal data’. But what does that include?

Simply put, it’s any detail that can pinpoint an individual’s identity—be it a full name, address, workplace, or even a phone number. But there’s more. A subset termed ‘sensitive personal data’ goes even deeper, covering facets like one’s beliefs, health, racial background, and criminal records.

Whom and Where Does nFADP Govern?

Whom and Where Does nFADP Govern?

If you’re a private entity or a federal body processing the personal data of Swiss residents, nFADP is your playbook, even if the data processing occurs outside Swiss borders. However, the nFADP isn’t ubiquitous: It excludes personal data processed for some parliamentary activities and specific judicial processes.

Unraveling the Principles

FABD - Unraveling the Principles

The nFADP is built on a bedrock of principles that guide data processing. These principles include:

Lawful Processing

It's imperative to abide by the law while handling personal data.

Good Faith and Proportionality

Maintain genuineness and balance during data processing.

Specific Purpose

Data should be gathered for a clear purpose and its processing should align with this intent.

Data Retention

Retaining obsolete data is a no-go; it should either be destroyed or anonymized.

Data Accuracy

Keeping accurate data records is non-negotiable. Corrective actions are vital for any discrepancies.

And then there’s the matter of ‘consent’, which stands as a linchpin in the data processing world. It should be informed, explicit, and specific, especially when handling sensitive personal data or high-risk profiling.

Rights of the Individuals

The nFADP is, above all, a citizen-centric law. It arms Swiss individuals with several rights:

Right to Information

One can request details about their data's processing.

Right to Access and Transfer

Individuals have the privilege to obtain their personal data and even transfer it to other controllers.

Right to Correct

If data inaccuracies arise, one can demand its rectification.

Right to Delete

If data processing steps over legal bounds, deletion can be requested.

Rights Concerning Automated Decisions

Individuals can seek clarity and even a human review if automated decisions impact them.

But, these rights aren’t unbridled. For instance, the media has certain privileges to restrict data access if it jeopardizes journalistic integrity.

Infringements and Repercussions

Individuals violating nFADP’s provisions can face fines scaling up to CHF 250,000. In certain scenarios, companies can face penalties up to CHF 50,000.

Data Controllers and Processors

Data controllers and processors aren’t left out. They need to be transparent in their data collection, conduct data impact assessments, and report breaches promptly.

A Comprehensive Compliance Checklist

To ensure alignment with nFADP:

The new FADP is more than just a law. It’s Switzerland’s commitment to its citizens and by aligning with global standards and emphasizing transparency, the FADP is set to bolster the nation’s reputation as a leader in data privacy.

Sales & Support