Skip to main content

Revised Swiss Data Protection Act: Requirements and implementation

Switzerland's competitiveness and role as a so-called third country of the EU are of essential importance for Switzerland as a business location with regard to EU data protection. As early as 2000, EU recognition of the Swiss level of data protection formed the basis for smooth cooperation and cross-border economic activities between companies in Switzerland and the EU. With the emergence of the modernized Data Protection Convention 108 of the Council of Europe, the protection of the rights of people in cross-border EU countries, especially concerning automatically processed personal data, has been redefined in a forward-looking way. To ensure that cross-border economic activities between Switzerland and the EU states can continue to be carried out without any problems in the future, it became necessary to adapt the Swiss data protection law to the modernized data protection convention of the Council of Europe. To ensure this, the Swiss Federal Council has created a new or revised Data Protection Act (nDSG), including implementing provisions of the new Data Protection Regulation (DSV) and new Regulation on Data Protection Certifications (VDSZ). The revised Data Protection Act will come into force on September 1, 2023, and include the closest possible approximation to the EU's GDPR as well as the implementation of stricter requirements and new penalties for non-compliance. The primary goal is to strengthen the protection of personal data and self-determination over personal data, at the same time it will increase transparency in the procurement of personal data and simplify the information modalities. Other new regulations related to the adaptation of data protection to technological developments and the harmonization of protection goals in the area of data security based on the new Information Security Act of December 2020. There was also a revision of the obligations of data controllers as well as new regulations regarding exemptions from information obligations when disclosing personal data.

Even though there is sufficient time until September 2023 for Swiss businesses to take the necessary precautions for the implementation of the revised data protection law, there is a need for action by all Swiss companies to adapt to the new data protection law. This applies, in particular, to Swiss companies that have not had to deal with the EU's GDPR to date because they have been operating exclusively in the Swiss market.

For all Swiss companies, however, it is crucial to avoid problems or sanctions that may stem from the incorrect application of the new Swiss DPA and violations of the required due diligence in the technical and organizational area. Fines, which have just increased drastically and can hit all companies hard, especially small businesses and self-employed, at best, should be ruled out.

All Swiss companies are called upon to be prepared in good time for the application of the revised Swiss DPA and to align their corporate processes to meet the requirements. The important thing here is to rely on the right solutions and to implement suitable software products, in which the know-how for the problem-free realization of the new data protection requirements already takes place. Only competent partners, product providers, and consultants, who show that they are familiar with the topic and have the expertise and the necessary know-how, should be taken into consideration.

With the SWISS DataSafety Concept, in cooperation with secBase Schweiz GmbH, we have the necessary expertise and know-how to securely align every company according to the basics of the revDSG. In doing so, we ensure the complete coverage of the new Swiss data protection requirements as well as the legally compliant handling of all personal data of customers, patients, and employees for individual business persons, SMEs, and large enterprises.

Focus on your business while we take care of the required data security and legal compliance of your operational concepts and processes. A dedicated analysis of your current company posture and weak points is followed by the development of solutions tailored to your specific business needs. Based on a comprehensive needs-oriented concept, the implementation of mandatory technical-organizational processes and measures, emergency interventions, and the review of your website or web store take place then.

Always stay up to date!

On the subject of Swiss data protection, we recommend visiting the website

In all questions concerning the revDSG of Switzerland, data security, development and realization of security concepts, your company is in the very best hands with our IT security experts. Our experienced team will be happy to answer your questions in this regard at any time. Please contact us via the contact form.