Part 15 of our series on data protection law in Switzerland
In the final part of our series on the revised Swiss Federal Act on Data Protection (FADP), we take a closer look at the consequences of non-compliance—with a focus on the penalties outlined in Art. 60 to 64 FADP.
Under these provisions, individuals—not companies—can be held personally liable and fined up to CHF 250,000 for certain willful violations, including:
- Failing to inform data subjects under Art. 19 paragraph 1 and Art. 21 paragraph 1, or to provide them with the information required under Art. 19 paragraph 2 FADP;
- Providing false information to the Federal Data Protection and Information Commissioner (FDPIC) or refusing to cooperate in an investigation;
- Disclosing personal data abroad without appropriate safeguards or a valid exception;
- Appointing a third party to process personal data in breach of the requirements set out in Art. 9(1) and (2) FADP;
- Failing to comply with the statutory minimum data security requirements;
- Breaching professional confidentiality by disclosing confidential personal data;
- Disregarding binding orders of the FDPIC or final decisions of appeal bodies.
Please note: Companies can only be fined directly if the penalty is CHF 50,000 or less, and only if identifying the responsible individuals would require disproportionate effort (Art. 64 FADP).
We hope you've found value in our series on Swiss data protection law. For a more detailed overview of Swiss data protection legislation, you may also consult our contribution to the ICLG Data Protection Laws and Regulations Report 2025 by clicking here.
For tailored guidance or support, feel free to get in touch with us.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.