Transborder data flows

The Swiss data protection law guarantees the protection of the private sphere for data processing carried out by persons in Switzerland. However, when data is transmitted abroad, an adequate level of its protection has to be provided for thereabouts.

The current measures for the transfer of data abroad are currently being revised.

The current regulations are as follows:

Guide for checking the admissibility of data transfers with reference to foreign countries (Art. 6 para. 2 letter a FADP)

This guidance is intended to make it easier for data owners to check the permissibility of data transfers of personal data abroad.Based on a diagram, this guidance explains the case of data transfer abroad according to art. 6 para. 2 letter a FADP, if legislation is lacking there that ensures adequate protection* and this lack must be compensated by sufficient guarantees (cf. also art. 6 para. 2 and 3 of the Ordinance to the Federal Act on Data Protection DPO, SR. 235.11). The requirements according to letters b - g are not addressed in this guidance.

* To check whether the country to which data are transferred offers adequate data protection, the list of countries (here below) serves as a guide.

Certain data transmissions abroad must be announced to the FDPIC. Under certain circumstances, transmission is only allowed after concluding a special agreement. In some countries, transmission is problem-free to a great extent. The following list shows the levels of data protection worldwide:

(The FDPIC is in the process of revising the model contract.)

Standard contractual clauses of the European Union

(The FDPIC is currently examining the extent to which these standard contractual clauses can also be adopted under the FADP.)

Further information

If you are a responsible for a database yourself, please find more information on the topic in the respective chapters in the following publications (in German, French or Italian):