Data protection in Switzerland: differences between nDSG and DSGVO
Data protection & data processing on the Internet

Data protection in Switzerland: differences between nDSG and DSGVO

26/05/2023

In the course of their operations, companies collect and process a wide variety of personal data. Increasing technological developments over time have brought a greater scope of data collection and thus also a higher risk of data misuse. The new Swiss Federal Data Protection Act (nDSG) aims to increase the requirements for companies and ensure the security of personal data. Based on the requirements of the European GDPR, the new law also aims to establish EU-compliant data protection. But what are the differences between the nDSG and the GDPR?

Wichtig:

Dieser Beitrag enthält allgemeine Hinweise. Für vollständige Beratung über die Umsetzung des Datenschutzes im Unternehmen beraten Sie sich bitte mit einem Rechtsanwalt.

The new Swiss data protection law, which comes into force on September 1, 2023, will apply to all companies and organizations that process personal data of Swiss citizens. Companies operating in both the EU and Switzerland will have to comply with both laws.

The main differences between the DPA and the GDPR

  DSGVO nDSG
General obligation to obtain consent for data storage Yes No (notice instead of consent)
Consent for profiling General duty valid Obligation to obtain consent only for high-risk profiling
Appointment of a data protection officer Mandatory under certain circumstances Recommendation
Fine for lack of compliance No fines for private responsible persons Fines for private responsible persons up to CHF 250,000
Data protection impact assessment In case of high risk, consultation with the supervisory authority is mandatory In case of high risk, consultation with the FDPIC or with a data protection officer is possible
Obligation to notify data protection breaches Notification of the EU supervisory authority within 72 hours Immediate notification to the FDPIC
Scope of sensitive data "Special categories of personal data" include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health and sex life data. "Particularly sensitive data" additionally includes administrative or criminal prosecutions and sanctions, as well as social assistance measures.

For more information on the nDSG, read our last post on the subject: www.deepscreen.ch/news/detail/datenschutz-fuer-schweizer-unternehmen-bereiten-sie-sich-fuer-das-neue-gesetz-vor

Wir unterstützen Sie

Für jegliche Fragen zum Thema schreiben Sie uns oder rufen Sie uns an (+41 43 255 68 68). Unser Fachteam steht Ihnen gerne zur Seite.

Jetzt kontaktieren