Revised Swiss Federal Data Protection Act enters into force today

The law, inspired by the GDPR and revised to maintain a free flow of data between the EU and Switzerland, enters into force on 1 September.

New elements include Data Protection Impact Assessments for the processing of sensitive data, records of processing activities (ROPA), Data Protection Advisors (DPOs) and data breach reporting. Privacy by Design is also now explicitly mentioned.

The revised law applies to the processing of personal data of natural persons. The previous law also included legal entities.

The Data Protection Commissioner will start charging private sector companies fees for some of his services, for example opinions on codes of conduct and data protection impact assessments, and approval of Standard Contractual Clauses and Binding Corporate Rules. The processing of complaints remains free of charge.

See The new Data Protection Act

Subscribers can read an analysis of the law in the article "Switzerland’s DP Act revised" published in PL&B International Report October 2020.