Advisory IT & Digitalisation

The revision of the Federal Act on Data Protection

ContributorName(contributor, true)
insight featured image
The new Federal Act on Data Protection (nFADP) and the corresponding ordinance will come into force in Switzerland on 1 September 2023. All companies that process personal data which affects natural persons in Switzerland fall within the scope of the law and are equally affected. Regardless of the industry in which you operate and regardless of the size of your company, you must comply with the new legal requirements.

What topics do you have to take care of by September 1, 2023? Below are some of the most urgent steps:

  • You must implement technical and organisational measures and e.g. summarize them in a privacy policy.
  • You will most likely have to create a register of processing activities.
  • You must define a notification process in the event of data security breaches.
  • You must implement processes that ensure that the natural persons affected affected can be informed in advance whenever personal data is obtained.

Even if you already comply with the requirements of European legislation on data protection (GDPR), you are required to take further measures. Companies that are already GDPR-compliant, can of course build on existing processes, but will still not be able to comply with the legal requirements without investing additional time into this topic.

The specialists of the Advisory IT & Digitalisation Team of Grant Thornton Switzerland/Liechtenstein can support you efficiently and straightforwardly due to their expertise in technical and legal issues in order to implement the new legal requirements in a timely manner. We are happy to support you in making all necessary adjustments to your processes, controls, guidelines, and contracts until the entry into force of the nFADP:

Policies and contracts

  • Support in creating or supplementing your privacy policy (website, contracts, advertising content, etc.).
  • Assistance with the creation or completion of data processing policies.
  • Support in the creation of a register of data processing activities.
  • Defining cooperation with suppliers, service providers and partners in relation to personal data.
  • Protecting your personal data in an international context.
  • Assessing data protection impact assessments.

Processes and checks

  • Support in developing a process for responding to data subjects' requests (e.g., requests for information or deletion) in a time-critical manner.
  • Support in implementing a data breach notification procedure.
  • Support in complying with your extended obligations to provide information about your data processing activities.
  • Support in implementing checks and measures to protect personal data as defined in the nFADP.
  • Support in defining processes regarding the handover of data in an appropriate electronic format.