The main provisions
With the new FADP, the private sector and federal authorities have to adapt their processing of personal data to the new provisions. The Commissioner has recorded what he considers to be the most significant changes:
Notification of data protection officers (DPO) to the FDPIC pursuant to Art. 10 para. 3 FADP for private persons and Art. 10 para. 4 FADP for federal bodies.
The duty to provide information ensures that data processing is transparent and that the data subject’s rights are respected.
In accordance with the Federal Act on Data Protection, any person may request information from the controller of a data file as to whether their personal data is being processed.
Private- and public-sector data controllers must carry out a data protection impact assessment (DPIA) if data processing is likely to result in a high risk to the personality or fundamental rights of the data subjects.
It introduces changes for data processors and data subjects and provides the FDPIC with additional duties and powers.
In future, the FDPIC will charge private data processors for a number of his services.
Supervisory activities include investigating violations of data protection regulations and, if necessary, ordering administrative measures to enforce these regulations.
Criminal aspects of breaches of obligations under the FADP.
The certification of systems, products and services promotes transparency in data processing.
Take a look at our FAQ or call our hotline.
The current and future legal basis.
Last modification 03.11.2023