Switzerland: Revision of the Swiss Data Protection Law Is Complete and Enters into Force on September 1, 2023

Data protection has a special status within the framework of Swiss Labour Law.

The employer may only process data about the employee insofar as it relates to the employee’s suitability for his job or is necessary for the performance of the employment contract (Art. 328b of the Swiss Code of Obligations). Thus, an employer may only use and store information on the employee’s person, documents on education and training as well as professional experience if they are closely related to the employment relationship in question. Complementary, the provisions of the Data Protection Act (DPA) apply.

In its fall 2020 session, Swiss Parliament passed the new Data Protection Act. (nDPA). It improves the processing of personal data and grants Swiss citizens new rights. Swiss law’s compatibility with European law, and in particular with the European General Data Protection Regulation (GDPR), is one of the nDPA challenges. The nDPA should guarantee the free flow of data with the European Union (EU) and thus avoid a loss of competitiveness for Swiss companies. 

On August 31, 2022, the Federal Council decided that the new DPA shall enter into force on September 1, 2023. At the same time, the Federal Council also adopted the new Ordinance on Data Protection Certifications. With this, the legislative work on the revision of the Swiss Data Protection Law is complete.

This important legislative change also comes with a number of obligations for employers. We will inform our clients in due course in detail about these obligations and the necessary adjustments.