| What Data Protection Law: https://www.fedlex.admin.ch/eli/cc/2022/491/en Data Protection Ordinance: https://www.fedlex.admin.ch/eli/cc/2022/568/en  | When 1. September 2023  |
| Why Total revision of the 1992 law to adapt it to the technological developments and digital transformation of society.  | Where Law applicable if the impact of processing occurs in Switzerland (even if initiated abroad). Foreign controllers may need to designate a local representative in Switzerland.  |
| Goal Strengthen rights of data subjects. Self-regulation by industry associations. Risk-based approach. Alignment with GDPR.  | Scope Protection of personal data of natural persons only. Legal entities out of scope. Genetic and biometric data qualify as sensitive data.  |
| Approach Technology neutral law. Controller to assess risks for data subject (risk-based approach).  | New Data Subject Rights Right to information extended. Right to disclosure of processed personal data in a common electronic format. Right to non-automated decision making.  |
| Privacy by Design Account for and document data protection already during planning stage of IT systems.  | Privacy by Default Implement data protection friendly defaults. Deviations only with consent of data subject.  |
| Export of Peronal Data Inform data subjects of destination country and legal basis (in privacy policy). Case by case evaluation (DP impact assessment (DPIA)). Use EU/CH Standard Contractual Clauses.  | Non-Compliance Fines ≤ CHF 250’000.–.  |
| Your Action Update privacy policy and data processing agreements. Record of processing activities (if > 250 employees). Perform DPIA (if high risk). Report breaches to FDPIC.  | Ronzani Schlauri Attorneys Signaustrasse 11 CH-8008 Zurich Dr. Daniel Ronzani, LL.M. 044 500 57 21, dr@rsa.law Prof. Dr. Simon Schlauri 044 500 57 22, ssch@rsa.law |
