TopicFederal, applies all sectors and 26 cantons

Data Protection in Switzerland (nDSG / FADP)

Switzerland's revised Federal Act on Data Protection (FADP / nDSG) entered force in September 2023 and aligns closely with GDPR. This hub covers who it applies to, what your privacy policy must say, processing records, and where Swiss and EU rules diverge.

FADP
Federal Act on Data Protection
FDPIC
Federal data protection authority
CHF 250K
Max administrative fine
All sectors
FADP scope
Verified against official sources in Switzerland. ESTV, SECO, AHV-IV, FDPIC, and cantonal portals.
Status: current
CantonGenevaZurichZugBernBaselVaud
TopicVATCompany FormationAHVEmploymentData ProtectionAnnual Obligations
Business typeFreelancerGmbHAGEmployer
Key Numbers

Data Protection in Switzerland (nDSG / FADP), at a glance

FADP
Federal Act on Data Protection
Revised in 2023. Applies to processing of personal data by private persons and federal bodies in Switzerland.
FDPIC
Federal data protection authority
Federal Data Protection and Information Commissioner. Investigates and enforces FADP.
CHF 250K
Max administrative fine
Federal fine on responsible individuals (not the company) for serious breaches.
All sectors
FADP scope
Applies to any business processing personal data, with adequacy with GDPR.
Reference

Registration, filing, and key rules

Practical facts for SMEs in Switzerland that need to register, or are already registered.

Compliance essentials
Who must complyAny business processing personal data in Switzerland
Privacy notice requiredYes, before collection
Processing record (Art. 12)Required, exemptions for SMEs
Breach notificationTo FDPIC as soon as possible
Data subject rightsAccess, rectification, deletion, portability
DPO requirementVoluntary but recommended
AuthorityFDPIC (EDÖB / PFPDT)
edoeb.admin.ch
Cross-border + GDPR overlap
Transfers to EU/EEAPermitted (adequacy)
Transfers to non-adequate countriesRequires safeguards (SCC, BCR)
GDPR applies to Swiss firms whenTargeting EU users or monitoring EU behaviour
EU representativeRequired for GDPR-scope Swiss firms
SanctionsFADP fines on individuals, not company
Children (under 16) consentParental consent recommended
Cookies + trackingConsent + transparency required
Watch Out

Mistakes SMEs make most often, Data Protection in Switzerland (nDSG / FADP)

Four issues that authorities flag regularly in audits of small and medium businesses. Most are avoidable with early setup.

FADP fines target individuals, not the company
Unlike GDPR, FADP fines (up to CHF 250,000) are imposed on the responsible natural person, not the company. Naming a clear data-protection lead in your privacy notice + delegating responsibility correctly is essential to avoid personal liability for the CEO or compliance officer.
Privacy notice must be in customer's language
Swiss data subjects must receive a privacy notice in a language they can reasonably understand. For most SMEs that means German, French, and Italian for Swiss customers, plus English for international. A single English-only notice is rarely sufficient.
Processing register is mandatory unless exempt
Article 12 FADP requires a processing register listing all data flows. SMEs with under 250 employees and processing that does not include 'high-risk' personal data may be exempt. Most online businesses (analytics, marketing automation, customer accounts) do not qualify for the exemption.
Cookie consent must precede tracking
FADP + Telecommunications Act require consent before non-essential cookies (analytics, ad pixels) are set. 'Implicit consent on continued browsing' is no longer accepted by Swiss authorities. Use a compliant consent banner before any analytics fires.

Not sure where Data Protection in Switzerland (nDSG / FADP) compliance applies to you?

Get a free personalised report covering your specific situation, Data Protection in Switzerland (nDSG / FADP)-specific rules included.

Related hubs

By canton or business type

Data Protection in Switzerland (nDSG / FADP) rules are federal, but canton + structure shape how they hit your business.

By canton
By business type