The Swiss Federal Act on Data Protection (FADP) governs the processing of personal data in Switzerland and was fully revised in 2023 to align more closely with the EU’s GDPR. It aims to strengthen privacy protections, increase transparency, and give individuals greater control over their personal data.

The FADP applies not only to Swiss-based entities but also to foreign companies under the "effect principle"—if a company processes personal data in connection with offering goods or services in Switzerland or affects individuals in Switzerland, it must comply with the FADP. In such cases, appointing a Swiss-based representative is required for better accountability and communication with Swiss data subjects and authorities.

The law grants data subjects clear rights, including the right to access, correct, and delete their personal data, as well as to be informed about data processing activities. Organizations must ensure transparency and provide timely responses to such requests.

In case of data breaches, companies are required to notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) if the breach is likely to result in a high risk to the personality or fundamental rights of individuals. Timely breach reporting and proper documentation are critical.

Non-compliance with the FADP can lead to fines of up to CHF 250,000, especially for intentional violations of obligations such as providing information or complying with data subject rights. While fines are mostly directed at individuals within organizations, the reputational and operational impact on companies can be significant.