Transborder data flows

The Swiss data protection law guarantees the protection of the private sphere for data processing carried out by persons in Switzerland. However, when data is transmitted abroad, an adequate level of its protection has to be provided for thereabouts.

Due to current developments, we will continuously add to and adapt the information on this page. Status: 27 August 2021

The current regulations are as follows:

Guide for checking the admissibility of data transfers with reference to foreign countries (Art. 6 para. 2 letter a FADP)

This guidance is intended to make it easier for data owners to check the permissibility of data transfers of personal data abroad.Based on a diagram, this guidance explains the case of data transfer abroad according to art. 6 para. 2 letter a FADP, if legislation is lacking there that ensures adequate protection* and this lack must be compensated by sufficient guarantees (cf. also art. 6 para. 2 and 3 of the Ordinance to the Federal Act on Data Protection DPO, SR. 235.11). The requirements according to letters b - g are not addressed in this guidance.

* To check whether the country to which data are transferred offers adequate data protection, the list of countries (here below) serves as a guide.

The transfer of personal data to a country with an inadequate level of data protection based on recognised standard contractual clauses and model contracts

In its statement of 27 August 2021, the FDPIC recognises the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (pursuant to Implementing Decision 2021/914/EU) as the basis for personal data transfers to a country without an adequate level of data protection, provided that the necessary adaptations and amendments are made for use under Swiss data protection law.

The following explanations show which adaptations and amendments must be made.  The standard contractual clauses pursuant to the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU), the Swiss Transborder Data Flow Agreement (for outsourcing of data processing) of November 2013 and Council of Europe model contract to ensure equivalent protection in the context of cross-border data flows can still be notified until 27 September 2021 and continue to be used during a transitional period until 31 December 2022. 

New standard contractual clauses

Previous standard contractual clauses

Further information

If you are a responsible for a database yourself, please find more information on the topic in the respective chapters in the following publications (in German, French or Italian):