The main provisions

The main provisions 

With the new FADP, the private sector and federal authorities have to adapt their processing of personal data to the new provisions. The Commissioner has recorded what he considers to be the most significant changes:

Data protection officer

Notification of data protection officers (DPO) to the FDPIC pursuant to Art. 10 para. 3 FADP for private persons and Art. 10 para. 4 FADP for federal bodies.

Duty to provide information

The duty to provide information ensures that data processing is transparent and that the data subject’s rights are respected.

Right to information

In accordance with the Federal Act on Data Protection, any person may request information from the controller of a data file as to whether their personal data is being processed.

Data protection impact assessment

Private- and public-sector data controllers must carry out a data protection impact assessment (DPIA) if data processing is likely to result in a high risk to the personality or fundamental rights of the data subjects.

The FDPIC’s role

It introduces changes for data processors and data subjects and provides the FDPIC with additional duties and powers.


In future, the FDPIC will charge private data processors for a number of his services.

Investigations of violations of data protection regulations

Supervisory activities include investigating violations of data protection regulations and, if necessary, ordering administrative measures to enforce these regulations.

Criminal law

Criminal aspects of breaches of obligations under the FADP.

Data protection certification

The certification of systems, products and services promotes transparency in data processing.

Questions on data protection

Take a look at our FAQ or call our hotline.

Legal basis Data protection

The current and future legal basis.

Last modification 03.11.2023

Top of page