Data Protection
The new Swiss Data Protection Act: What businesses need to know
The revDSG has been in force since September 2023. Here's a practical checklist of what Swiss companies should have implemented by now — and what many still haven't.
Dr. Anna Berger
The revised Federal Act on Data Protection (revDSG) entered into force on 1 September 2023. Over two years later, many Swiss businesses — particularly SMEs — still have gaps in their compliance.
What changed
The revDSG aligns Swiss data protection law more closely with the EU’s GDPR. Key changes include:
- Scope: Only natural persons are now protected (legal entities are excluded).
- Data Protection Impact Assessments: Required when processing poses a high risk to personality or fundamental rights.
- Data breach notification: Breaches likely to pose a high risk must be reported to the FDPIC as quickly as possible.
- Profiling: High-risk profiling now requires explicit consent.
- Criminal sanctions: Intentional violations can result in fines of up to CHF 250,000 — against individuals, not the company.
The practical checklist
Based on our advisory work, here is what every Swiss business should have in place:
- Privacy policy updated to reflect revDSG requirements (not just GDPR copy-paste)
- Record of processing activities (mandatory for companies with 250+ employees, recommended for all)
- Data breach response plan with clear internal escalation paths
- Processor agreements (Auftragsbearbeitungsverträge) with all service providers handling personal data
- Cross-border transfer safeguards — the Federal Council’s adequacy list is narrower than the EU’s
- Cookie and tracking consent aligned with current FDPIC guidance
What we see in practice
The most common gaps are inadequate processor agreements and missing breach notification procedures. Many companies updated their privacy policies but stopped there.
“Compliance isn’t a document — it’s an operational capability. The privacy policy is the tip of the iceberg.” — Dr. Anna Berger
Our recommendation
Start with a gap analysis. Map your data flows, identify your processors, and test your breach response. If you haven’t done this yet, the risk isn’t theoretical — the FDPIC has been increasingly active.
We offer a structured half-day workshop that gets SMEs from zero to a practical compliance roadmap. Get in touch if this is relevant for your business.
Dr. Anna Berger specializes in corporate and employment law. With over 15 years of experience advising Swiss SMEs, she brings a pragmatic approach to complex legal questions.