Clym Logo
CH flag

CH

Federal Act on Data Protection (FADP) Switzerland

Overview

The Federal Act on Data Protection (FADP) of 25 September 2020 (last amended on 7 July 2025) is Switzerland’s primary data protection law. It protects the personality and fundamental rights of natural persons whose personal data is processed.
The revised FADP entered into force on 1 September 2023.

Regulation Summary

  • 25 September 2020 – Federal Act adopted.
  • 7 July 2025 – Last amendment.
  • 1 September 2023 – Revised FADP entered into force.

  • Private persons (including companies) processing personal data.
  • Federal bodies processing personal data.
  • Organizations abroad whose activities have an effect in Switzerland.
  • Foreign controllers offering goods or services in Switzerland or monitoring behavior in Switzerland, where representative requirements apply.

  • Processing by a natural person for personal use.
  • Processing by the Federal Assembly and parliamentary committees in deliberations.
  • Certain authorities and judicial activities are exempt from FDPIC supervision

  • Process personal data lawfully, in good faith, and proportionately.
  • Collect data for a specific and recognizable purpose.
  • Destroy or anonymize data when no longer required.
  • Verify data accuracy and correct inaccurate data.
  • Apply data protection by design and by default.
  • Implement appropriate technical and organizational security measures.
  • Maintain records of processing activities.

  • Inform individuals when collecting personal data, including identity, purpose, and recipients.
  • Provide additional information when data is not collected directly from the data subject.
  • Inform individuals about automated individual decisions and provide review options.
  • Notify the Federal Data Protection and Information Commissioner (FDPIC) of certain data security breaches.

  • Conduct data protection impact assessments for high-risk processing.
  • Appoint a representative in Switzerland in certain cross-border cases.
  • Apply safeguards for cross-border data disclosures.
  • Cooperate with investigations by the FDPIC.

  • Right to information about whether data is processed.
  • Right to receive key details about processing, retention, and recipients.
  • Right to request correction or deletion of incorrect data.
  • Right to data portability in certain automated processing cases.
  • Right to object in certain disclosure scenarios involving federal bodies.

  • Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC).
  • The FDPIC may order processing to be modified, suspended, terminated, or require deletion of data.
  • Criminal fines for private persons may reach up to CHF 250,000 (approximately USD 275,000) for violations of certain duties.
  • Prosecution of criminal offenses is handled by the cantons.
Book a demo