On 1 September 2023, the new Data Protection Act (nFADP) will come into force in Switzerland. The European Union’s General Data Protection Regulation (GDPR) has been in force since 25 May 2018. These legislative texts define a specific framework for the processing, storage and use of data. Any company that uses data must comply with these texts, depending on the origin and status of the data concerned.
These obligations apply not only to the companies themselves but also to all of their service providers and subcontractors. It is therefore important to ensure that these parties comply with the regulatory obligations, otherwise the company itself may end up on the wrong side of the law, due to “cascading liability”, in the event of a problem with the data.