FADP Compliance
Pandectes GDPR Compliance helps Shopify Stores comply with the Federal Act on Data Protection (FADP) by scanning them and identifying the cookies and tracking technologies in use. The scan generates a report that classifies these technologies based on regulatory guidelines and provides options for updates to ensure compliance with APPI.
What is FADP?
The Federal Act on Data Protection (FADP) in Switzerland has been updated to address modern digital challenges. Introduced in 1992, it was revised in 2020 with the New Federal Act on Data Protection (nFADP), set for implementation in September 2023. The nFADP focuses on protecting individual data, classifying genetic and biometric information as sensitive, and emphasizes principles like “Privacy by Design”. It aligns closely with the European GDPR, ensuring seamless data exchange between Switzerland and the EU.
Who does the FADP apply to?
The Federal Act on Data Protection (FADP) applies to organizations that process data of Swiss data subjects.
What happens if I don't comply with the FADP?
If you don’t comply with the Federal Act on Data Protection (FADP), there are several consequences:
- Enforcement by FDPIC: The powers of the Federal Data Protection and Information Commissioner (FDPIC) have been expanded. The FDPIC can initiate an investigation into a company either on its own initiative or upon notification. In the event of breaches of data protection regulations, the FDPIC can order measures such as the adjustment or suspension of data processing, or even the deletion of data.
- Civil Law Remedies: Under the revised FADP, data subjects have civil law remedies to enforce their claims. Changes made to the Civil Procedure Code stipulate that the relevant court proceedings are to be free of charge.
- Fines: In the event of intentional breaches of the revised FADP, such as failures to provide information, cooperate, or exercise due diligence:
- Private individuals may be fined up to CHF 250,000.
- In business operations, if identifying the offending persons would involve disproportionate effort, companies can be fined up to CHF 50,000. If a fine of no more than CHF 50,000 would be considered for such persons, they can also be fined.
When will the FADP go into effect?
The Federal Act on Data Protection (FADP) is set to go into effect on September 1, 2023. This date marks the implementation of the revised FADP along with the related Ordinance to the FADP, which is expected to be issued by the Federal Council.
Complying with the FADP
The FADP stands as one of the comprehensive data privacy laws, and other countries, such as Germany, France, and Italy, are also introducing their own privacy regulations. As businesses operate across multiple jurisdictions, it becomes increasingly difficult to navigate and adhere to the intricate network of international data privacy laws.
Maintaining compliance begins with staying informed about the evolving legislation that may impact your company. Keeping track of these laws as they progress through national legislatures is essential. Subscribing to relevant newsletters and resources can be helpful.
When a new law is enacted but not yet in effect, it is advisable to review its text in collaboration with legal counsel. They can assess your compliance status and provide guidance on necessary actions.
To streamline the data compliance process, consider utilizing a Consent Management Platform (CMP) like Pandectes GDPR Compliance. A CMP relieves the burden on your team by offering customizable consent management, automation of data subject access requests, and tools for cookie & vendor management. Pandectes GDPR Compliance is specifically designed for Shopify Stores and is ready to assist you in achieving and maintaining compliance within the ever-changing landscape of data privacy.