Aligning its data privacy laws with those of the EU \u2013 namely the EU\u2019s General Data Protection Regulation (GDPR)<\/a> \u2013 was a driving force behind the revision of the 1992 Data Protection Act, ensuring continued flow of personal data in and out of Switzerland.<\/p>\n\n\n\n The result \u2013 the new Swiss FADP \u2013 is a data privacy law that has similarities with the EU\u2019s GDPR, such as requiring consent in certain cases.<\/p>\n\n\n\n If you have users inside of Switzerland, being compliant with the new Swiss FADP is an obligation. Steep fines are levied against non-compliant domains. But the good news is, if you\u2019re already compliant with the EU\u2019s GDPR, you are almost certainly compliant with the Swiss FADP too.<\/p>\n\n\n\n Scan for free to see your website\u2019s GDPR compliance level<\/a><\/p>\n\n\n\n Try Cookiebot CMP free for 14 days<\/a>\u00a0\u2013 or forever if you have a small website.<\/p>\n\n\n\n Scan for free to see your website\u2019s GDPR compliance level<\/a><\/p>\n\n\n\n Try Cookiebot CMP free for 14 days<\/a>\u00a0\u2013 or forever if you have a small website.<\/p>\n\n\n\n Cookiebot CMP<\/a> is a world-leading solution for making your website compliant with major data privacy laws, including the EU\u2019s GDPR<\/a>, Switzerland\u2019s FADP<\/strong>, California\u2019s CCPA\/CPRA<\/a>, Brazil\u2019s LGPD<\/a>, South Africa\u2019s POPIA<\/a> and many others.<\/p>\n\n\n\n Built around an unrivaled scanning technology that is able to scan and find all cookies and similar trackers in use on your website, Cookiebot CMP<\/a> provides full transparency and control to your end-users, allowing them to make an easy and fast choice of consent, and enabling complete compliance for your website in the meantime.<\/p>\n\n\n\n Balance data privacy and data-driven business on your website with highly customizable consent interfaces, automatically generated cookie policies and regular renewal of end-user consent.<\/p>\n\n\n\n The geotargeting feature of Cookiebot CMP<\/a> automatically determines where in the world a user of your website is located, e.g. in the EU or in Switzerland, and presents the correct compliance solution automatically.<\/p>\n\n\n\n Let\u2019s have a closer look at the Swiss FADP and its requirements for your website.<\/p>\n\n\n\n Under Switzerland\u2019s Data Protection Act (FADP), websites that process personal data from users inside Switzerland might need to first obtain the prior, freely given and, informed<\/strong> consent<\/strong> from those users in order to do so.<\/p>\n\n\n\n This includes cookies that are not strictly necessary for the basic function of your website, but which process personal data for other purposes, such as analytics or marketing.<\/p>\n\n\n\n Consent is required in the case of processing of particularly sensitive personal data, high-risk profiling by a private person or profiling by a federal body.<\/p>\n\n\n\n Additionally consent might be needed if data is transferred to a country without an adequate level of protection.<\/p>\n\n\n\n Consent to cookies is only valid if it is a real choice<\/strong>, i.e. if the user consents without coercion, pressure or other external influence. This means that a user<\/strong> who refuses a cookie that requires consent should not be denied certain services or benefits<\/strong>, such as access to the site.<\/p>\n\n\n\n When a user refuses cookies, they should not be exposed to any negative consequences and should be able to continue accessing the website.<\/p>\n\n\n\n Like the EU\u2019s GDPR, the Swiss FADP requires that end-user consent to cookies be specific<\/strong>, i.e. the user's consent must be sought for each type of purpose pursued by cookies.<\/p>\n\n\n\n Consent cannot be given for a general use of all cookies without further specification of what data is collected via those cookies and for what purposes. Rather, the Swiss FADP requires a more detailed choice than a simple \"all or nothing\", i.e. consent for each category of cookies<\/strong>.<\/p>\n\n\n\n Consent information should be visible<\/strong>, complete<\/strong> and noticeable<\/strong>. It should be written in simple terms that any user can understand and be available in all the languages of the website<\/strong>, e.g. if the website is aimed at a French- and German-speaking audience, the information on the consent banner should be written both in French and in German.<\/p>\n\n\n\n This information is usually grouped in a website\u2019s privacy or cookie policy and should at least include:<\/p>\n\n\n\n Additionally it might be necessary to include the categories of the data which is processed and the countries to which the data is transferred to, in case the country does not have an adequate level of security, as well as the garanties the data transfer is based on.<\/p>\n\n\n\n Get an automatic cookie policy with Cookiebot CMP<\/a><\/p>\n\n\n\n Try Cookiebot CMP free for 14 days<\/a>\u00a0\u2013 or forever if you have a small website.<\/p>\n\n\n\n As expected, there are quite a few changes to the new FADP from the previous regulation. Some of the most notable are as follows:<\/p>\n\n\n\n Privacy by design:<\/strong> Data privacy and protection must be a part of the process beginning with the planning stages of projects. Organizations must keep data subjects\u2019 privacy in mind at all stages of development.<\/p>\n\n\n\n Enhanced consent requirements: <\/strong>The updated law pays greater attention to data subjects\u2019 awareness of and education about collection and usage of their personal data. Organizations must clearly communicate about the data collected, purposes, and more, as well as users rights and options to exercise them. Consent requirements are also expanded to more cases.<\/p>\n\n\n\n Easier to exercise data subject rights: <\/strong>Data subjects can more easily make access requests to exercise their rights under the law. The process for individuals to request details about their personal data with any organization has been streamlined.<\/p>\n\n\n\n Data breach notifications: <\/strong>Organizations are required to notify users and other relevant stakeholders about a data breach or related violation as soon as possible. The FDPIC must also be notified immediately. There are clear and specific requirements for information that must be communicated about the breach. <\/p>\n\n\n\n Expanded powers and more severe penalties: <\/strong>Individuals have more options to restrict or reject the processing of their personal data. The FDPIC has expanded enforcement powers for violations of the law, and authorities can enact more severe penalties.<\/p>\n\n\n\n The Swiss data protection act is extraterritorial, so it applies to organizations both based in Switzerland and outside of it if they provide goods or services and process Swiss residents\u2019 personal data. Companies subject to the FADP that are based outside of Switzerland need to designate a Swiss representative. This individual will liaise with the Swiss authorities and data subjects.<\/p>\n\n\n\n Organizations also need to potentially make changes to their operations end to end if their data privacy and protection practices have not been sufficiently robust. These include: <\/p>\n\n\n\n Organizations processing the personal data of Swiss residents will be required to comply as of September 2023; there will not be a grace period before enforcement. Companies that already comply with the GDPR will not have much additional work to do, but it is important that they familiarize themselves with FADP requirements. There are also some exemptions to some FADP requirements for SMEs up to 250 employees that organizations should be clear on.<\/p>\n\n\n\n Data subjects must be informed about all instances of collection and use of their personal data, whether collected directly or indirectly. Organizations also need to maintain a register of processing activities, and both controllers and processors have data privacy and protection responsibilities, particularly with regards to third-party access to the data , e.g. vendors.<\/p>\n\n\n\n Ensuring compliance helps organizations ensure that their data processing is done securely and responsibly, and that use of personal data is legal. FADP compliance provides data subjects with control over their privacy and personal data.<\/p>\n\n\n\n Fines for violations are one of the most important reasons compliance is important, but additionally a data breach or other violation can result in damage to a company\u2019s reputation and loss of user trust. Companies can create a competitive advantage by being clear and transparent in their communications with users and showing respect for data privacy and managing consent requirements compliantly.<\/p>\n\n\n\n Achieving and maintaining FADP compliance also enables companies to compete better in the European Union, as they will meet stringent privacy requirements that enable cross-border data transfer and other common functions of doing business globally.<\/p>\n\n\n\n![\"Red](\"\/media\/4324\/cuckoo-clock.jpg?width=450&&mode=max\")
The Swiss privacy law - quick breakdown<\/h3>\n\n\n\n
\n
Data subject rights under the Swiss data protection act<\/h2>\n\n\n\n
Swiss FADP compliance with Cookiebot CMP<\/h3>\n\n\n\n
The Swiss Federal Data Protection Act - in detail<\/h2>\n\n\n\n
Swiss FADP on consent, pre-ticked boxes and cookie walls<\/h4>\n\n\n\n
![\"Illustration](\"\/media\/4326\/chocolate.jpg?width=450&&mode=max\")
\n
Main changes to the Swiss data protection act<\/h2>\n\n\n\n
The new revised FADP compliance requirements<\/h2>\n\n\n\n
\n
Obligations for companies under FADP<\/h2>\n\n\n\n
Why is it so important to comply with the new FADP?<\/h2>\n\n\n\n
GDPR vs. new FADP<\/h2>\n\n\n\n
![\"Illustration](\"\/media\/4327\/horn.jpg?width=450&&mode=max\")
![\"Pepco\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/pepco_group_logo_340px_01-1.svg?v=1548f22bcec1f087\"\n){kind=logo}
\n <\/div>\n ![\"rural-king\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/rural-king.svg?v=c61b94b055f7f6f1\"\n)
\n <\/div>\n ![\"orbico\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/orbico.svg?v=0c403b5e138f2d8e\"\n)
\n <\/div>\n ![\"credit-exchange\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/credit-exchange.svg?v=6bb93c10d76574f5\"\n)
\n <\/div>\n ![\"canon\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/canon.svg?v=d58e7999bf5b46cc\"\n)
\n <\/div>\n ![\"bauhaus\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/bauhaus.svg?v=695ed7c488c3a310\"\n)
\n <\/div>\n <\/div>\n <\/div>\n","protected":false},"excerpt":{"rendered":"