The new Data Protection Act

The new Data Protection Act 

Until the new FADP comes into force, the private sector and federal authorities will have to adapt their processing of personal data to the new provisions. The Commissioner has recorded what he considers to be the most significant changes:

Major innovations

Duty to provide information

The duty to provide information ensures that data processing is transparent and that the data subject’s rights are respected.

Right to information

In accordance with the Federal Act on Data Protection, any person may request information from the controller of a data file as to whether their personal data is being processed.

FADP – Criminal law

Criminal aspects of breaches of obligations under the FADP.

Data protection impact assessment

Private- and public-sector data controllers must carry out a data protection impact assessment (DPIA) if data processing is likely to result in a high risk to the personality or fundamental rights of the data subjects.

The FDPIC’s role

It introduces changes for data processors and data subjects and provides the FDPIC with additional duties and powers.


In future, the FDPIC will charge private data processors for a number of his services.

Data protection advisor

The Data Protection Act allows companies to self-regulate. Those that appoint a data protection advisor and notify the FDPIC that they have done so will be subject to fewer data protection impact assessment requirements

FAQ data protection

Answers to common questions about data protection and privacy.

Legal basis Data protection

The current and future legal basis.

Last modification 16.05.2023

Top of page