YourRobustSwissFADPRepresentative
YourRobustSwissFADPRepresentative
Processing Swiss data? Don’t have a corporate seat in Switzerland? Comply with the Swiss Federal Act on Data Protection (FADP) and appoint Prighter as your representative.
Trusted by Customers all over the World
Do You Need a Swiss FADP Representative?
Do You Need a Swiss FADP Representative?
Explore our FAQs to understand more about Swiss data protection law and if it is applicable to your business.
What is the Swiss Federal Act on Data Protection (FADP)?
The Swiss Federal Act on Data Protection (FADP) governs the processing of personal data in Switzerland and was fully revised in 2023 to align more closely with the EU’s GDPR. It aims to strengthen privacy protections, increase transparency, and give individuals greater control over their personal data.
The FADP applies not only to Swiss-based entities but also to foreign companies under the "effect principle"—if a company processes personal data in connection with offering goods or services in Switzerland or affects individuals in Switzerland, it must comply with the FADP. In such cases, appointing a Swiss-based representative is required for better accountability and communication with Swiss data subjects and authorities.
The law grants data subjects clear rights, including the right to access, correct, and delete their personal data, as well as to be informed about data processing activities. Organizations must ensure transparency and provide timely responses to such requests.
In case of data breaches, companies are required to notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) if the breach is likely to result in a high risk to the personality or fundamental rights of individuals. Timely breach reporting and proper documentation are critical.
Non-compliance with the FADP can lead to fines of up to CHF 250,000, especially for intentional violations of obligations such as providing information or complying with data subject rights. While fines are mostly directed at individuals within organizations, the reputational and operational impact on companies can be significant.
Start with Compliance
Meet your obligations under Article 14 of the FADP by appointing Prighter as your representative in Switzerland. Demonstrate your commitment to compliance, build trust, and reduce regulatory risk.
Prighter is Your Credible FADP Representative in Switzerland
At Prighter, we take our role as your representative seriously. We deliver reliable, compliant service that meets both regulatory standards and your quality expectations for Switzerland. Trust us for professional, high-quality representative services in Switzerland.
Get Compliant — in Minutes
Starting your compliance journey with Prighter is quick and easy. Simply sign the letter of appointment and include the wording we provide you in your Privacy Policy. We take care of the rest.
Reliable Addressee for All Stakeholders
We are you first line of defence in Switzerland, acting as trusted point of contact for data protection authorities and data subjects. Rely on our experts — supported by our SaaS solutions — for any interactions with Swiss stakeholders.
Authority Communication and Case Management
Appoint Prighter as your Swiss FADP representative to ensure a trusted point of contact for the Swiss Federal Data Protection and Information Commissioner (FDPIC). Our local team of experts supported by our Authority Case Management is best suited to assist you with investigations, data breach notifications, or any other case with the FDPIC.
Addressee for Data Subjects
We serve as your first line of support for privacy-related matters in Switzerland, and act as the trusted addressee for data subjects on your behalf. To make the handling of data subjects requests easy and efficient, you get access to our proprietary Privacy Rights Manger for managing the full lifecycle of data subject requests.
Automated Stakeholder Interactions
We build smart software using our deep legal expertise. Our SaaS solutions enable you to handle interactions with stakeholder in Switzerland in a compliant and efficient way. Manage authority communication with our Authority Case Management and simplify the handling of data subject requests through the Privacy Rights Manager.
Create Value Through Compliance
Use your proactive approach to data protection to build business value. Gain trust from all stakeholders through your FADP compliance and create a competitive advantage by being an accountable provider.
Brand Reputation
Demonstrate your approach to compliance and benefit from a positive impact on your brand. Use the naming of Prighter in your Privacy Policy, the Prighter Certificate, the Compliance Batch for your website, and our Trust Center to communicate your brand’s trustworthiness.
The Trust Center
Showcase your compliance in our Trust Center and gain recognition from all stakeholders. Customise and brand it as your public-facing portal with a verification of our appointment in real time and the central access point for all requests.
Boost Efficiency
Enhance efficiency with a robust compliance SaaS solution that automates workflows, cuts manual work, and keeps you aligned with regulations. From data subject requests to authority interactions, streamline every step with smart, scalable tools — so you can focus on what truly matters.
All-in-One Solution
Data protection compliance isn’t just ticking boxes — it’s a continuous process. We give you the tools to stay ahead and manage your privacy compliance proactively.
Individual Services
All you need, in one place. Our products and services are backed by industry-leading experts. Together with our partners, we support you throughout your entire data protection journey to keep you safe.
Knowledge Sharing
We’re dedicated to sharing our expertise openly and keeping you informed on regulatory updates, case law, and authority guidelines. Our monitoring also covers AI and Digital Governance to keep you fully up to date.
People matter
You can rely on the strong legal expertise and the practical experience of our dedicated multi-jurisdictional team of lawyers and privacy professionals. Our team helps you to navigate complex regulations confidently to keep you safe.
How it works
:quality(80):fill(transparent))
Swiss DSG Representation
Select your Size:
Select your Size:
growth
< 10 employees
small
10-49 employees
medium
50-249 employees
large
250-749 employees
enterprise
750+ employees
Add complementary products:
Privacy Representation
3 products
Digital Governance
3 products
Privacy Software
2 products
Core Features
Marketing Features
Authority Features
Data Subject Features
Processor Features
Knowledge
Subscription
How It works
What Our Customers Say
We partner with organisations all around the world to ensure robust compliance. Here's what some of our valued customers have to say about their Prighter experience.
:quality(95))
Prighter has provided the answer we were looking for in terms of EU and UK GDPR representation. Their team has given excellent assistance on a range of issues, not to mention being incredibly responsive and understanding of our needs as a start-up developing a mobile app. Their commitment to continual evolution is commendable in this complex market and their industry updates and webinars are always engaging and useful. Prighter gives us peace of mind and saves us time and we couldn’t be happier with this reliable partnership.
Resource Center
Our Resource Centre is designed to help businesses around the world to understand and navigate international privacy, AI, and digital governance compliance. Whether you're new to compliance, or you're an experienced privacy professional, you'll find helpful tips, fresh insights, and practical resources to help you level-up your approach to compliance.
Visit the full Resource Center
Swiss Federal Act on Data Protection (FADP) FAQ
Does the FADP apply to my company?
Does the Swiss FADP apply to our organization?
The FADP applies to the processing of personal data by private controllers and federal bodies. Like the GDPR, the FADP has extra-territorial scope, meaning that it applies to companies located outside of Switzerland. The extra-territorial scope of the FADP is, however, broader than that of the GDPR because it covers all circumstances that have an effect in Switzerland, even if the action was initiated from abroad. This is known as the “effect doctrine”. According to the effect doctrine not just data processing activities related to Swiss individuals are subject to the FADP. Any processing operations performed on servers in Switzerland will be caught by the FADP, even if such operations are carried out from abroad.
Does your company need a Swiss FADP Representative?
There is one significant difference between the requirement to appoint a representative under the GDPR (Art 27) and the requirement under Art. 14 of the FADP. Whereas the GDPR requires companies without an establishment in the EU to appoint a representative, the requirement to appoint a representative is triggered under the FADP by an organisation not having a corporate seat in Switzerland. What does this mean? It means that companies with a branch or any other type of establishment in Switzerland that are not a corporate seat are still required to appoint a Swiss representative if they:
- offer goods or services to individuals in Switzerland (targeting criterion) or monitor their behaviour (monitoring criterion); and
- their processing activities are regular, on a large scale and pose a high risk to data subjects.
Does my company offer services or products according to Art 14 FADP?
The wording of the targeting criterion under Art 14 FADP is nearly identical to the wording of Art 3(2) GDPR. For that reason, and in the absence of any guidance from the Swiss authorities, we can assume that the same types of activities as those set out in guidance from the European Data Protection Board will trigger the targeting criterion under Swiss law. It is expected that the Swiss authorities will publish their own guidelines in due course. Until then, factors that may be considered to result in an “offering of goods or services” to individuals in Switzerland could be:
- using languages used in Switzerland and offering payments in CHF;
- using ads to address Swiss individuals or other marketing tools directed towards Swiss customers;
- mentioning addresses or phone numbers to be reached from Switzerland;
- use of Swiss top-level domains;
- offering delivery of goods to Switzerland.
Does my company analyse and assess the activities of individuals inside of Switzerland?
Again, until such a time as there is guidance from Swiss officials on the interpretation of the monitoring criterion, we assume the following activities, as set out in guidance relating to the GDPR, are likely to trigger the requirement to appoint a representative:
- behavioural advertisement
- geo-localisation activities
- online tracking by using cookies or other tracking technologies
- market surveys and other behavioural studies based on individual profiles
What fine may be imposed for non-compliance?
The FADP carries heavy penalties. In contrast to GDPR, however, these are not directed at companies, but at the responsible natural persons behind the breaching organisation. Instead of administrative fines, the FADP sanctions violations with criminal liabilities. The penalties can amount to up to CHF 250,000.