
17. September 2022Newsletter
Newsletter #2 9/2022 Completion of the total revision of the Federal Act on Data Protection (FADP)
Completion of the total revision of the Federal Act on Data Protection (FADP) New rules apply from 1 September 2023
Overview The total revision of the Federal Act on Data Protection (nFADP) has been completed. On 31 August 2022 the Federal Council published the Data Protection Ordinance (nDPO) and decided that the new rules would enter into force on 1 September 2023. The purpose of the total revision was to adapt the aging Federal Act on Data Protection to today’s social and technological conditions and to bring it closer to the more recent and modern regulations in the European data protection environment (esp. GDPR). The new FADP and nDPO are now in line with the EU rules in many respects. Nevertheless, there are some so-called “Swiss finishes” to consider when reviewing and implementing the new data protection setup in a company. Swiss companies now have one year to implement the new rules – (further) transition periods are not foreseen. We would like to inform you briefly about the most important changes and our offer for you. Attached you will also find a checklist with the individual tasks for the step-by-step implementation of the data protection rules in your company.
Important changes The following points highlight the most important changes compared to the current law:
If personal data is being processed by a processor, the controller must ensure that the processor is able to guarantee data security (e.g., through so-called data processing agreements, DPA). In connection with data security, it is also worth mentioning, that there is an obligation to review and, if necessary, adjust the measures taken “over the entire processing period” and a willful breach of the minimum requirements on data security is subject to criminal sanctions.
In principle, personal data may be disclosed abroad if the legislation of the foreign country guarantees adequate protection (Art. 16 para. 1 nFADP). The countries deemed to have an adequate level of data protection are listed in Annex 1 of the nDPO. The disclosure of personal data to other countries – including the USA – requires a specific exemption or the implementation of alternative protection measures to guarantee an adequate level of data protection (Art. 16 para. 2 and Art. 17 nFADP).
We recommend that you start implementing the new regulations in a timely manner so that your company will be nFADP-compliant on 1 September 2023. As mentioned above, a short checklist that can help you get started is available in the appendix.
Our offer We will be happy to provide you with pragmatic and sustainable support for your data protection projects, for example:
We hope to be of service to you with this information and will be happy to answer any questions you may have.
Contacts![]() Prof. Dr. Cornelia StengelTel. +41 58 200 39 00 Fax +41 58 200 39 11 cornelia.stengel@kellerhals-carrard.ch ![]() Stefano PerucchiTel. +41582003100 Fax +41582003111 stefano.perucchi@kellerhals-carrard.ch ![]() Dr. Urs MartiTel. +41 58 200 35 28 Fax +41 58 200 35 11 urs.marti@kellerhals-carrard.ch ![]() Dr. Mario M. MartiTel. +41 58 200 35 00 Fax +41 58 200 35 11 mario.marti@kellerhals-carrard.ch ![]() Christophe RapinTel. +41 58 200 33 30 Fax +41 58 200 33 11 christophe.rapin@kellerhals-carrard.ch ![]() Dr. Thomas BählerTel. +41 58 200 35 00 Fax +41 58 200 35 11 thomas.baehler@kellerhals-carrard.ch ![]() Dr. Nicolas MosimannTel. +41 58 200 30 49 Fax +41 58 200 30 11 nicolas.mosimann@kellerhals-carrard.ch ![]() Dr. Daniel AlderTel. +41 58 200 39 33 Fax +41 58 200 39 11 daniel.alder@kellerhals-carrard.ch ![]() Ralph GramignaTel. +41 58 200 39 06 Fax +41 58 200 39 11 ralph.gramigna@kellerhals-carrard.ch |