enactedCHEffective September 1, 2023

New Federal Act on Data Protection (revFADP) (nFADP)

Complete compliance guide for companies with <200 employees. Everything you need to know about nFADP requirements, deadlines, and penalties.

DSAR Deadline

30 calendar days

+ 30 days extension

Max Penalty

CHF 250,000/violation

Up to CHF 250,000 for intentional violations — uniquely, these are personal criminal fines against the responsible individual, not the corporation. The FDPIC can issue orders but cannot impose administrative fines on companies directly.

Threshold

No threshold

Est. Cost

$8,000 – $30,000

8-18 weeks

Mid-Market Compliance Guide

The nFADP replaced Switzerland's 1992 data protection law on September 1, 2023, aligning closely with GDPR. Uniquely, penalties are personal criminal fines (up to CHF 250,000) against responsible individuals, not corporate fines. This makes compliance a personal liability issue for executives and DPOs.

Key Requirements

Privacy by design and by default
Data Protection Impact Assessment for high-risk processing
Data breach notification to FDPIC without delay
Records of processing activities
Cross-border transfer safeguards (adequacy list, SCCs, BCRs)
Transparency obligations (privacy notice at collection)

Enforced by: Federal Data Protection and Information Commissioner (FDPIC)Official site

Consumer Rights

Right of Access (Art. 25)

Right to Data Portability (Art. 28)

Right to Rectification (Art. 32)

Right to Erasure (Art. 32)

Right to Object to Automated Decision-Making (Art. 21)

Business Obligations

1.Provide information upon request within 30 days
2.Maintain records of processing activities
3.Implement privacy by design and by default
4.Conduct DPIAs for high-risk processing
5.Report data breaches to FDPIC as soon as possible

Exemptions

•Processing by natural persons for personal purposes
•Processing by the Federal Parliament and federal courts
•National security exemptions
•Publicly available data (limited exceptions)

Related Privacy Laws

GDPR

General Data Protection Regulation

Recommended Compliance Tools

TrustArc

Enterprise privacy management with built-in regulatory intelligence

nFADP Swiss privacy compliance support

Securiti

AI-powered data command center for privacy, security, and governance

nFADP compliance monitoring

Didomi

Consent management platform for global privacy compliance

nFADP Swiss consent compliance

Usercentrics

Enterprise consent management with Google-certified CMP status

nFADP Swiss data protection consent

Browse all compliance tools

Get a mid-market compliance checklist for nFADP

We'll send you a practical, step-by-step checklist tailored for companies with <200 employees. No spam, unsubscribe anytime.

See how DPAs enforce nFADP in practice

Real fines, real violations, real lessons. Browse our enforcement database to understand what gets penalized under nFADP.

Browse Enforcement Actions

Disclaimer: This is general information, not legal advice. Consult a qualified attorney for your specific situation. Laws and regulations may change. Last reviewed: 3/27/2026.

Read the official text of nFADP