Data Protection Act

Following the EU, Switzerland will also introduce a new data protection law (Federal Act on Data Protection, FADP), which is expected to become effective in 2022.

The revised FADP imposes further requirements and obligations on companies. In addition, the criminal provisions are tightened and the powers of the Federal Data Protection and Information Commissioner (FDPIC) are extended.

In its revision of the FADP, the Swiss legislature has been guided by the European General Data Protection Regulation (GDPR). For companies that already follow the GDPR, implementing the new act will therefore be more straightforward. Nonetheless, they should also examine the implications of the revised FADP and identify the measures that need to be taken. In other cases, however, the revised FADP will have a more profound impact, involving work such as:

  • Identifying relevant data processing activities and defining as well as implementing appropriate organizational and technical measures (e.g. measures concerning data security)
  • Establishing appropriate governance and responsibilities, processes (e.g. with regard to data subject rights and notification of data breaches) and (ICS) controls
  • Provisioning and updating of documentation in order to ensure FADP compliance (inter alia data protection policies, records of processing activities and data protection impact assessments)

A general transition period has not been defined. Companies should therefore start working on the implementation of the requirements of the revised FADP in a timely fashion.

OUR SOLUTION

We assist you in carrying out initial data protection assessments, in implementing measures & solutions as well as in the ongoing monitoring and improvement of your FADP compliance. 

Assessments & Compliance Review

  • Readiness Assessment
  • Gap Analysis
  • Audits

Solutions implementation

  • Data Privacy Governance
  • Implementation of an action plan and a road map
  • Roles and authorisation concepts
  • Records of processing activities
  • Deletion concept
  • Review and development of compliance documentation
  • Development of processes/controls, including integration into the ICS
  • Definition of KPIs 

Ongoing support & monitoring

  • External, independent data protection officer (DPO)
  • Compliance support
  • Audit