Support Centre



Law: Federal Act on Data Protection 2020 ('FADP') (only available in German here, in French here, and in Italian here)

Regulator: Federal Data Protection and Information Commissioner ('FDPIC')

Summary: The revised version of the FADP was adopted on September 25, 2020 and broadly seeks alignment with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). The FADP entered into force on 1 September 2023, which constituted a one-year transition period for organisations to ensure compliance. 

Further to the above, the revised version of the Ordinance on the Federal Act on Data Protection (available in French here, in German here, and in Italian here) ('FODP') puts certain aspects of the revised FADP into more concrete terms. For example, it sets out the specifics of data security requirements, and the modalities of data breach notices as well as of the right of access and the right to data portability.

Beyond general data protection regulation, the financial sector in Switzerland presents special interest as it is subject to different layers of regulation including data protection laws. Switzerland has also been recognised by the EU as providing adequate protection of data, and has a data transfer agreement with the US in the form of the Swiss-US Privacy Shield. However, the FDPIC recently noted that the Swiss-US Privacy Shield does not guarantee adequate protection for transfers of data to the US.

Furthermore, following the adoption of new Standard Contractual Clauses ('SCCs') for international data transfers by the European Commission in June 2021, the FDPIC announced, on 27 August 2021, that the EU's SCCs could be used for transfers under Swiss law, subject to certain necessary adaptations and amendments.


Switzerland's strong reputation for financial services can be traced back to the early eighteenth century, with Switzerland being a forerunner in liberalizing and facilitating international trade, upon which its economy heavily depends. This has led the country to be widely known for its confidentiality, discretion, and data protection, ensuring that clients' bank accounts remain private and secure.

In this Insight article, Paul Lanois, Director at the European law firm Fieldfisher in the US[1], provides an overview of the relevant legal provisions, as well as some recent developments applicable to the financial sector in Switzerland.

For several years, the Federal Act on Data Protection 1992 ('FADP') and the Ordinance to the Federal Act on Data Protection ('the Ordinance') have been under revision. On 25 September 2020, the Federal Parliament eventually adopted the revised Federal Act on Data Protection 1992 ('the Revised FADP'). However, uncertainties remained since the content of the Ordinance was for a long time unclear. Finally, on 31 August 2022, the Federal Council adopted the text of the revised ordinance ('the Revised Ordinance') and informed that the Revised FADP and the Revised Ordinance will enter into force on 1 September 20231.

Johanna Moesch, Associate at Baker & McKenzie Zurich, covers the changes introduced by the Revised FADP and the Revised Ordinance, as well as similarities and differences with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

The Federal Data Protection and Information Commissioner ('FDPIC') published, on 5 March 2021, a guide1 ('the Guide') on the revised Federal Act on Data Protection 1992 ('the Revised FADP') which was adopted on 25 September 20202 and is set to replace the FADP that is currently in force3. The referendum period, which provided voters with an opportunity to express their views on the Revised FADP4, ended on 14 January 2021 without the referendum right being used.