The revised Swiss Federal Act on Data Protection (FADP), in force since 2023, modernises Switzerland’s privacy framework and brings it closer to GDPR while retaining Swiss-specific terminology and requirements. It focuses on transparency, data security, accountability and protection of personality and fundamental rights.
GDPR Register helps Swiss companies – and EU organisations processing Swiss personal data – meet these obligations in a structured, repeatable way.
Records and inventories for Swiss processing
The revamped FADP expects organisations to know which personal data they process, for what purposes and with which safeguards.
With GDPR Register you can:
- Map processing activities involving Swiss residents or Swiss establishments in a central register
- Document purposes, categories of data subjects and personal data, recipients and international transfers
- Capture key elements for Swiss record-keeping and accountability, including retention rules and security measures
- Import existing Excel-based inventories and convert them into a structured, maintainable view
Transparency and information duties
The revised FADP strengthens transparency obligations, including informing individuals when their data is collected and when it is disclosed abroad.
GDPR Register enables you to:
- Link processing activities to the information you provide to data subjects (for example privacy notices)
- Record which processing involves disclosures abroad, and on what basis
- Keep a consistent view of where and how you explain processing, making it easier to keep notices up to date
Processors, service providers and cross-border transfers
Swiss law requires appropriate safeguards where personal data is transferred abroad, and clear arrangements with processors and service providers.
With GDPR Register you can:
- Maintain a central register of processors and service providers, including data location and transfer details
- Track contractual safeguards and other measures for transfers from Switzerland to other countries
- Link each vendor to the processing activities and systems they support, so the impact of any change or incident is clear
- Integrate vendor and transfer risks into your overall privacy risk view
Risk and high-risk processing
The revised FADP introduces expectations around risk-based approaches and, in certain cases, impact assessments for high-risk processing.
GDPR Register helps you:
- Run risk assessments for processing that may significantly affect individuals’ rights, such as monitoring, profiling or large-scale processing
- Use a risk matrix to assess likelihood and impact, and prioritise mitigation measures
- Link risks to specific Swiss-relevant processing activities, systems and vendors
- Track mitigation actions, owners and deadlines for a clear accountability trail
Rights of Swiss data subjects
The FADP gives individuals rights such as access, rectification and deletion, and expects organisations to handle these efficiently.
With GDPR Register you can:
- Log and manage data subject requests from Swiss individuals in a single register
- Track deadlines, status, responsible owners and outcomes
- Link each request to the relevant processing activities and systems to streamline responses
- Maintain an audit trail of decisions, including where legal or operational constraints limit certain actions
Part of a multi-regulation approach
Many organisations that handle Swiss data also need to comply with GDPR, UK GDPR and other regimes.
GDPR Register supports this by:
- Allowing you to reuse your core data inventory and add FADP-specific tags and fields where needed
- Providing configurable templates so records, assessments and vendor information reflect Swiss requirements alongside others
- Offering dashboards and filters that show which activities, systems and vendors are in scope of the revised FADP as well as other laws
In short: GDPR Register helps Swiss organisations and EU firms processing Swiss data meet FADP 2023 expectations on record-keeping, transparency, risk management, vendor oversight and data subject rights – all within a single, multi-jurisdiction privacy platform.