
New Swiss Data Protection Law (nFADP)

What Small Businesses Need to Know

The advent of the new Swiss Data Protection law (nFADP) on September 1, 2023, signals a fundamental shift in how personal data is treated and protected within Switzerland. Crafted with the intent of preserving the privacy rights of Swiss citizens, this law confers on them unparalleled control over their individual data.

For Swiss businesses, understanding and adhering to this law is not just a statutory obligation but an essential commitment to their customer base.

In short, your business needs to be aware of the new law and take steps to comply.

What constitutes personal data?

At its core, personal data is any piece of information that can be linked to an identified or potentially identifiable individual. This encompasses common identifiers like names, addresses, and phone numbers, but also digital markers such as IP addresses or location data.

What rights do individuals gain under the nFADP?

The nFADP brings with it a suite of rights concerning personal data:

  • Access

  • Rectification

  • Erasure

  • Restricted processing

  • Objection to processing

  • Data portability

  • The right to be forgotten

Steps to nFADP compliance as required for Swiss SMBs

  1. Assessment of Data Activities: Examine the nature and scope of your data collection, storage, and processing mechanisms. Understand the purpose and legal underpinning for these processes.

  2. Augment Data Protection Measures: Implement fortified technical safeguards and organizational procedures. This means not just password policies or encryption, but also a holistic data breach response plan.

  3. Prioritize Individual Rights: Ensure mechanisms are in place allowing individuals to exercise their nFADP rights without friction.

  4. Incorporate Privacy at Conception: Every new product or service should be designed with data protection as a foundational principle. This includes any third-party relationships your business may have in which the third party may collect personal information or data from your business.

  5. Undertake Data Protection Impact Assessments (DPIAs): For certain data processes, a DPIA is invaluable. An expert can guide your business in conducting these assessments when necessary.

  6. Designate a Data Protection Officer (DPO): Businesses need to understand whether they fall within the ambit requiring a DPO and, if so, ensure that the DPO's responsibilities align with nFADP mandates.

  7. Registration with FDPIC: Large-scale personal data handlers need to register with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

OCIM's Pro-Tips for Swiss SMBs

  • Adopt a Phased Approach: Don't try to comply with all of the requirements of the nFADP at once. Begin by evaluating your current data practices and spotlight areas requiring attention.

  • Engage with Experts: The complexities of nFADP might be challenging. Collaborating with data protection specialists like OCIM ensures that businesses stay on the right track.

  • Champion Transparency: Be clear with your customers about what personal data you collect and how you use it. Make sure you have a privacy policy in place that explains your data processing practices. Make it easy for individuals to access, rectify, erase, restrict, object to, and port their personal data.

  • Remain Agile: As nFADP evolves and further guidelines are issued, businesses must remain agile and informed. Note that the nFADP is a new law, and the FDPIC is still issuing guidance on how to comply.

By following these tips, business owners in Switzerland can comply with the nFADP and protect the privacy of their customers.

Certainly, the intricacies of nFADP can be daunting. However, with OCIM's specialized expertise, Swiss businesses can confidently navigate this landscape. Our team not only offers tailored consultations but is adept at devising comprehensive strategies, ensuring not just compliance but fostering an organizational culture that values data privacy.
Get in touch with us here.

