FADP (Federal Act on Data Protection)

"FADP compliant" refers to adherence to the Swiss Federal Act on Data Protection (FADP). Enacted in 2023, FADP governs the processing of personal data in Switzerland. Its aim is to protect individuals' privacy rights while ensuring data transfer compatibility with the European Union (EU).

  • Navigate to Company Level > Compliance > Assessments > FADP to start the FADP Assessment from the default template.

  • Click on Default Template to create your assessment for FADP. The assessment is divided into 8 sections. Every section has a set of questions to be answered for this assessment.

  • Click on Add to create a new FADP Assessment.

  • To start, provide an Assessment Name of your choice. The current assessment will be stored under this name.

  • In this assessment, there are 8 sections. Below are the different sections with descriptions which will be used for the assessment:

  1. PERSONAL DATA: Personal data under FADP includes any information about a person that can identify them, e.g. full name, address, phone number, social security number, etc.

    Another category of personal data called sensitive personal data includes details about a person’s beliefs, health, race, biometrics, criminal records, and social assistance measures.

  2. DATA SUBJECT RIGHTS: Data subject rights under FADP compliance refer to the rights that individuals have over their personal data as established by the Swiss Federal Act on Data Protection (FADP). These rights include the right to access the personal data held by organizations, the right to rectify inaccuracies, the right to erasure ("right to be forgotten"), and the right to restrict processing. Individuals also have the right to data portability, allowing them to request their data in a machine-readable format.

  3. ACCURACY AND RETENTION: Accuracy: Accuracy refers to the correctness and precision of the financial data that is collected, processed, and stored within the FADP system. Ensuring accuracy is essential to prevent errors and discrepancies in financial reporting and analysis. In a FADP-compliant environment, accuracy involves and Retention refers to the period of time for which financial data is stored and maintained within the FADP system. It is important to retain data for the required duration to meet regulatory and business needs while also ensuring that data is properly managed to protect privacy and security. In a FADP-compliant environment, data retention involves

  4. TRANSPARENCY REQUIREMENTS: Transparency requirements in FADP (Federal Act on Data Protection) compliance refer to the obligations and principles that organizations must adhere to in Switzerland to ensure transparency in their data processing practices. It is possible to draw parallels between FADP and similar data protection regulations, such as GDPR (General Data Protection Regulation).

  5. OTHER DATA CONTROLLER OBLIGATIONS: In the context of FADP (Switzerland's Federal Act on Data Protection), this refers to additional responsibilities and requirements imposed on data controllers beyond the basic obligations outlined in the FADP. These obligations are essential for ensuring compliance with data protection regulations in Switzerland.

  6. DATA SECURITY: In the context of FADP (Swiss Federal Act on Data Protection) compliance, data security refers to the measures and practices put in place to protect individuals' personal data from unauthorized access, breaches, or misuse. FADP is Switzerland's data protection law that governs how personal data should be handled, and ensuring data security is a fundamental aspect of complying with this regulation.
    New FADP: As of September 2023, sensitive personal data under the FADP will also include data on administrative or criminal proceedings and sanctions as well as data on social security measures. This means two additional categories compared to the GDPR.

    GDPR: Sensitive data – under GDPR called special categories of personal data – include: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or a natural person’s sex life or sexual orientation.

  7. DATA BREACHES: Data breaches in FADP-compliant organizations can have serious consequences. When a data breach occurs, it means that there has been a failure to maintain the confidentiality and security of personal data, which is a fundamental requirement under FADP. Organizations must take immediate steps to mitigate the impact of the breach, notify affected individuals, and report the breach to the appropriate authorities, as mandated by data protection regulations.

  8. INTERNATIONAL DATA TRANSFERS (OUTSIDE EEA) - IF APPLICABLE: In the context of FADP compliance, this refers to the process of transferring personal data from the European Economic Area (EEA) to countries located outside of the EEA. This concept is essential for organizations that need to move or share personal data across borders while complying with data protection regulations.

  • Once all the details are provided, click on Save, then click on Next to go to the next page.

  • For every question in the assessment, evidence can be uploaded using Upload Evidence once the assessment is saved in draft mode.

Assessment Status

You can ONLY View/Download an assessment while it is in a COMPLETED status.

You can ONLY Edit an assessment while it is in DRAFT status.

  • Action options include: Edit, View/Download, and Delete.

  • Edit: Continue with updates/edits to an open assessment.

  • Delete: permanently deletes the assessment.

  • View/Download: Start the ZIP file download containing three files (DOCX, XLSX, and Evidence folder containing individual XLSX files with the evidence uploaded during the assessment).

  • The downloaded ZIP file (the result of the assessment) will have two file formats, DOCX and XLSX, as shown above.

This completes the FADP Compliance Assessment document.
