GDPR and the Swiss nFADP: what you need to know
The GDPR is the European regulation on the protection of personal data; the nFADP is the new Swiss data protection act, aligned in its principles with the GDPR. Both require companies to process personal data in a lawful, transparent and secure way. For those operating between Switzerland and the EU, knowing their principles is both a legal and a trust requirement.
Key points
- The GDPR (EU) and the nFADP (Switzerland) share the same data protection principles.
- You should collect only the data you need, transparently and securely.
- People have rights over access, rectification and erasure.
- Coherent good practices cover both sets of rules.
The shared principles
The GDPR and the nFADP share the same core principles: collect only the data you need, for clear purposes, with consent or another legitimate basis, store it securely and for as long as necessary, and guarantee people rights over their own data (access, rectification, erasure).
- Minimisation: collect only the data you need.
- Transparency: inform people about how their data is used.
- Security: protect data with appropriate measures.
- Rights: guarantee access, rectification and erasure.
What it means in practice
For most companies, complying means: knowing which personal data you process and why, having clear privacy notices, collecting consent where needed, protecting data with appropriate security measures and being able to respond to data subjects' requests. It is not bureaucracy for its own sake, but responsible management of information.
Switzerland and the EU: a coherent framework
The alignment of the nFADP with the principles of the GDPR makes life easier for companies operating in both markets: adopting good data protection practices lets you comply with both sets of rules with a coherent approach, avoiding having to manage two separate systems.
FAQ
Is the Swiss nFADP the same as the GDPR?
Not identical, but aligned in its principles. Those who adopt good data protection practices can comply with both with a coherent approach.
Does an SME need to worry about data protection?
Yes. The obligations apply to anyone who processes personal data. For many SMEs a few proportionate measures are enough: clear privacy notices, appropriate security and management of rights.
Is compliance only a legal obligation?
No: it is also a trust factor. Handling customer data well strengthens your reputation and credibility with partners and clients.