On 25 September 2020, the Swiss Parliament approved the final draft of the revised Data Protection Act (rev-DPA), with the aim of modernising Swiss data protection law and aligning it with the latest EU General Data Protection Regulation (GDPR).
The rev-DPA could still be subject to a facultative referendum, but will likely enter into force in 2022 and confer upon the Federal Data Protection and Information Commissioner (FDPIC) new and more extensive powers in order to impose criminal fines of up to CHF 250,000 on individuals responsible for certain types of infringement.
In this respect, foreign controllers and processors should assess whether they are subject to the rev-DPA and review their data processing activities that have an effect on Switzerland, regardless of where they take place.
Companies can expect an increase in obligations relating to the production and disclosure of documentation, in order to guarantee transparency on risk-related processing activities.
The new requirements can be summarised as follows: