Switzerland’s updated Federal Act on Data Protection (nFADP) has been in force since September 1, 2023, and it’s changing how companies, both local and international, handle personal data.
Designed to enhance transparency, empower individuals, and tighten enforcement, the law applies to all Swiss legal entities and foreign businesses that process data of individuals located in Switzerland.
But while large corporations often have the resources to adapt, how prepared are small and medium-sized companies to meet these new expectations?
Let’s explore 6 critical questions every business should ask:
-
Do You Understand the Types of Data You Handle?
The nFADP classifies data into several categories:
- Personal Data: Any information that directly or indirectly identifies a natural person.
- Sensitive Personal Data: Data that reveals particularly private or vulnerable aspects of a person’s life, subject to stricter protection.
-
Are You Obtaining Express Consent Where Required?
Under the nFADP, explicit consent is mandatory in certain high-risk scenarios:
- Processing of sensitive personal data
- Use of automated high-risk profiling
- Cross-border data transfers to countries without adequate protection, unless proper safeguards are in place
-
Do Your Leaders Understand Their Liability?
Unlike some other data protection laws, the nFADP introduces personal accountability:
- Executives, managers, and responsible individuals can face fines for intentional breaches.
- If it’s not possible to identify the specific offender, the company itself may still be fined.
-
Do You Know Who Enforces the nFADP?
Switzerland uses a dual-enforcement system:
- The FDPIC (Federal Data Protection and Information Commissioner) investigates data protection violations and can issue administrative orders.
- Cantonal Prosecution Authorities enforce criminal sanctions, often based on FDPIC findings.
-
Can Your Business Afford Non-Compliance?
Penalties under the nFADP can be steep:
- Up to CHF 250,000 for intentional violations
- Up to CHF 50,000 for companies when the offender cannot be identified with reasonable effort
-
How Would a Privacy Violation Impact Your Reputation?
Legal consequences aside, public trust is on the line:
- Investigations and sanctions can damage your brand
- Data transparency and responsibility are now market differentiators
In Summary:
Whether you are a startup, SME, or large enterprise, now is the time to reassess your data practices, educate your team, and build trust through transparency.
Need help getting started? Discover Indigita’s e-Learning on nFADP and GDPR to stay compliant with data protection now.
