Proudly Swiss.

logo
Demo
Demo

FADP Hub

The reference point for understanding the new Federal Act on Data Protection and turning regulatory obligations into structured, measurable, and sustainable processes.

Contact us
Ask for a Demo
Pexels Photo by Louis - Privacy Swiss

What is the FADP and why is it so important

As of 1 September 2023, the revised Federal Act on Data Protection (FADP) has entered into force. The legislation:

  • Updates the 1992 framework to reflect today’s digital environment;
  • Focuses on the personal data of natural persons and on how companies and public bodies collect, process, and protect such data;
  • Introduces more stringent obligations in terms of transparency, data security, accountability, and documentation.
Federal website
Discover all modules

FADP compliance means:

  • Avoid sanctions of up to CHF 250,000 in the event of serious and intentional violations;
  • Reduce the risk of data breaches and the associated costs:
  • Demonstrate to clients, employees, and partners that the processed data are managed according to high standards.

The Federal law

7 keypoints for companies:

01. Scope of application

The FADP applies to:

  • Companies and organizations based in Switzerland;

  • Foreign companies that process data of individuals residing in Switzerland in connection with their offers or services.

In practice: if you process personal data of individuals in Switzerland, it is very likely that the FADP applies to you.

02. Transparency & fairness principles

Each processing activity must be:

  1. Lawful and based on an appropriate legal ground;

  2. Transparent: individuals must know who processes their data, for what purposes, and with which rights;

  3. Purpose-limited and proportionate: no excessive collection, no unnecessary data.

03. Privacy by Design & by Default

Data protection must be integrated:

  • Into the design of processes, services, and systems (Privacy by Design);

  • Into default settings (Privacy by Default: by default, the system must be “privacy-friendly”).

04. Record of processed activities

Organizations must:

  • Maintain an up-to-date record of processing activities;

  • Map roles, purposes, data categories, legal grounds, recipients, transfers, and security measures.

Without a structured record, demonstrating accountability is nearly impossible.

05. Risk-based approach & DPIA

For processing activities that present a high risk to the rights and freedoms of individuals, a:

  • Data Protection Impact Assessment (DPIA);

  • Analysis of risks and measures to reduce them to an acceptable level is required.

The FADP encourages companies to demonstrate how they assess and mitigate risks, not just that they “consider” them.

06. Data Breach & Data Subject Rights

Organizations must:

  • Assess and, if necessary, notify personal data breaches;

  • Handle requests for access, rectification, objection, erasure, and portability within the prescribed deadlines;

  • Document requests and breaches in dedicated records.

07. Liability, Sanctions, and Oversight

In the event of intentional breaches of key obligations (information, transparency, cooperation, diligence), the following may be imposed:

  • Criminal sanctions of up to CHF 250,000 on the responsible individuals;

  • Corrective and prohibitive measures by the Supervisory Authority.

Beyond sanctions, the most underestimated risks are reputational and operational continuity risks.

A mini checklist to determine if

Are you truly FADP-Ready?

Answer the following questions:

01. Do you have an up-to-date record of processing activities approved by management?

02. Can you clearly list all the legal grounds used for your main processing activities?

03. Have you identified high-risk processing activities and, where necessary, conducted a documented DPIA?

04. Do you know how a data breach is currently managed (who does what, within what timeframe, and what is documented)?

05. Are access, erasure, and rectification requests managed through a traceable process with monitored deadlines?

6. Can you demonstrate that employees and key personnel have received adequate and up-to-date privacy training?

07. Can you demonstrate that you have a clear overview of data transfers abroad (including via cloud providers, SaaS tools, etc.)?

If the answer to one or more questions is not quite or it depends, Privacy Swiss® is precisely designed to fill these gaps.

Contact us
Ask for a Demo
Federal website

Privacy Swiss® links each FADP obligation to concrete modules within the platform.

Record of Processing Activities and Transparency

  • Privacy Mapping
  • Record of Processing
  • Doc Management / Archive

Risk based approach & DPIA

  • Risks Analysis
  • Privacy Impact Assessment
  • Legitimate Interest Assessment

Governance & Roles

  • Monitoring Dashboard
  • Privacy Roles

Data Subject Rights

  • Data Subject Rights

Data Breaches

  • Data Breaches

Data Transfers

  • Extra Confederation Data Transfers

Compliance and Internal Culture

  • Privacy Training
  • Checklist Audit
  • Reports via Dashboard

From registers to breaches, your entire privacy governance finally lives in one place,

so that your DPO, legal and IT teams always know where they stand.

A complete and intuitive platform that allows you to manage every aspect of data protection in a centralized, compliant, and fully secure manner.

Optimize processes, reduce risks, and save time: thanks to an automated and always audit-ready system, Privacy Swiss transforms privacy management into an efficient, transparent, and auditable process.

Governance & Documentation

Put your compliance in order once and for all.

Risks & DPIA

Structure your risk-based approach.

Audit & Monitoring

Always audit-ready, without Excel sheets.

Incident Management & Operations

Apply a proactive, structured approach.
Learn more about Privacy Swiss®'s features

Who Privacy Swiss® is designed for.

Specific pathways for
different types of Organizations.

SMEs & corporate groups

  • Securing Core Processing Activities (Marketing, HR, Clients, Suppliers);

  • Structuring the Record, Roles, and Documentation.

DPO & privacy consultants

  • Managing Multiple Clients Within a Single Platform;

  • Standardizing DPIAs, Risk Assessments, Audits, and Reports.

Public entities & complex organisations

  • Mapping Complex Structures, Distributed Roles, and Critical Processes;

  • Responding Promptly to Requests, Reviews, and Inspections.

Do you need more resources? experts? time? No, just Privacy Swiss®

Ask for a Demo
Visit the FAQs