Schweiz / Suisse · nDSG (New Data Protection Act, effective Sept 2023)
TL;DR
Websites targeting users in Switzerland must comply with GDPR as implemented locally through the nDSG (New Data Protection Act, effective Sept 2023). The supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC). Use our free scanner below to check your website instantly.
Free audit — 25+ automated checks in 60 seconds
Scan My Website Free →Authority
Federal Data Protection and Information Commissioner (FDPIC)
Website
www.edoeb.admin.ch ↗Local Law
nDSG (New Data Protection Act, effective Sept 2023)
Language
German, French, Italian
Population
8.8 million
New nDSG took effect September 1, 2023 — significantly closer to GDPR
Privacy by default required
Data Protection Impact Assessments mandatory for high-risk processing
Data breach notification within "as soon as possible" to FDPIC
No consent required for processing based on legitimate interest (differs from GDPR)
Criminal sanctions for individuals, not just fines for companies
Switzerland is not an EU member but its new nDSG aligns closely with GDPR. Key difference: violations can result in personal criminal liability for individuals (fines up to CHF 250,000), not just corporate penalties.
Cookie consent banner that requires opt-in before non-essential cookies
Privacy policy available in German, French, Italian
Clear identification of data controller and contact details
Data Processing Agreement (DPA) with all third-party processors
Lawful basis documented for each processing activity
Data Subject Access Request (DSAR) process in place
Data breach notification procedure compliant with 72-hour rule
Data Protection Impact Assessment for high-risk processing
International data transfer mechanisms documented (SCCs, adequacy decisions)
Records of processing activities (ROPA) maintained
In Switzerland, websites must comply with GDPR as implemented by the nDSG (New Data Protection Act, effective Sept 2023). Key requirements include obtaining explicit consent before setting non-essential cookies, providing a clear privacy policy, appointing a DPO when required, and notifying data breaches within 72 hours to the Federal Data Protection and Information Commissioner (FDPIC).
The Federal Data Protection and Information Commissioner (FDPIC) is the supervisory authority responsible for enforcing data protection laws in Switzerland. They can investigate complaints, conduct audits, and issue fines up to €20 million or 4% of annual global turnover.
Use PrivacyChecker's free scanner to perform an instant audit of your website. Our tool checks 25+ compliance points including cookie consent, privacy policy presence, security headers, tracker detection, and more — all relevant to Switzerland's GDPR requirements.
Find out in 60 seconds with our free GDPR scanner
Run Free Audit →