Switzerland: Announced implementation of revised Federal Data Protection Act

On 31 August 2022, the Federal Council of Switzerland issued a notice announcing the revised Federal Data Protection Act (DPA) will be implemented on 1 September 2023. Firstly, the revision establishes that data relating to legal entities will no longer be protected by the DPA. Data controllers are required to disclose their identity and contact details and the purpose of their data processing operations. The Act obliges data controllers to perform a data protection impact assessment for high-risk processing activities and to notify relevant data breaches to the Federal Data Protection and Information Commissioner (FDPIC). The DPA specifies the conditions to request data access and introduces a right to data portability. Moreover, the Act restricts the use of data profiling to perform credit checks. Finally, the enforcement powers of the FDPIC are expanded by providing it with the power to conduct investigations and issue binding orders. Finally, the Act increases the sanctions for noncompliance.