Data Protection Insights

How to prepare for the implementation of the revised FADP and what you need to know now

Data protection blog series

A robust data protection organization and governance are imperative for protecting personal data in today's world. Companies (including Swiss companies) are facing significant consequences after the General Data Protection Regulation ("GDPR") came into force. This trend has been adopted by other countries as well. Starting September 2023, the revised Swiss Data Protection Act ("DPA") will be in effect in Switzerland. In many respects, the revised DPA will be similar to the data protection laws in the EU, though there are some differences with the GDPR. Find all the relevant information on how to guarantee compliance with GDPR and DPA here.

Interested in our data protection services?Find more information here

Do you want to talk to our experts?
Contact us here

Data protection glossary

Find all relevant definitions of the most used terms here. 

The revised Swiss Federal Act on Data Protection (revFADP) 

The revised Swiss Data Protection Act is the national legislation in Switzerland that regulates the protection of personal data. It incorporates the provisions of the European General Data Protection Regulation (GDPR) into national law and governs the handling of personal data in Switzerland.

Personal Data

Personal data refers to information that relates to an identified or identifiable natural person. This includes, for example, names, addresses, birthdates, contact details, financial information, and other data that enables the identification of an individual.

Processing of Personal Data 

The processing of personal data encompasses any action related to personal data, such as collecting, storing, using, transmitting, deleting, or destroying data.


Consent is the voluntary, informed, and unambiguous agreement of an individual to the processing of their personal data. Under the new Data Protection Law, consent must meet certain requirements to be considered valid and lawful.

Data Subject

A data subject is the natural person to whom personal data relates. The data subject has specific rights under the Data Protection Law, including the right to access, rectify, erase, and object to the processing of their data.

Data Protection Advisor (DPA)

The Data Protection Advisor is an expert consultant who provides guidance on data protection matters within an organization. They assess compliance, conduct privacy impact assessments, assist with policy development, provide training, and offer advice on data breach response. The DPA plays a vital role in ensuring compliance with data protection regulations and protecting individuals' privacy rights. Unlike under the General Data Protection Regulation (GDPR), a Data Protection Officer (DPO), is a designated position mandated by law. The DPA under the revFADP serves as a consultant or external advisor.

Data Protection Impact Assessment (DPIA)

A data protection impact assessment is a systematic assessment of the potential impacts of a planned data processing activity on the protection of personal data. It aims to identify risks and take appropriate measures to protect the data subjects' privacy rights.

Cross-Border Data Transfer

The transfer of personal data to a country outside of Switzerland constitutes an international data transfer. The new Data Protection Law includes provisions for the transfer of personal data to third countries and international organizations to ensure that appropriate safeguards are in place.

Data Breach

A data breach occurs when personal data is accidentally or unlawfully processed, destroyed, lost, altered, or disclosed. The new Data Protection Law includes provisions for reporting data breaches and notifying affected individuals.


The new Data Protection Law introduces sanctions for non-compliance with its provisions. These may include fines, warnings, temporary or permanent restrictions on data processing, and other measures to ensure compliance with the Data Protection Law.

Digital Services Act (DSA)

The Digital Services Act is a proposed regulatory framework by the European Union (EU) that aims to establish clear rules and responsibilities for online platforms. It enhances obligations for platforms to prevent the dissemination of illegal content, ensures transparency in terms of terms and conditions, content moderation policies, and algorithms, strengthens user rights, and facilitates cooperation with authorities. The DSA aims to create a safe and transparent digital environment while promoting innovation and competitiveness in the digital market.

Do you have any questions?