FADP Compliance
Pandectes GDPR Compliance helps Shopify Stores comply with the Federal Act on Data Protection (FADP) by scanning them and identifying the cookies and tracking technologies in use. The scan generates a report that classifies these technologies based on regulatory guidelines and provides options for updates to ensure compliance with APPI.
What is FADP?
The Federal Act on Data Protection (FADP) in Switzerland has been updated to address modern digital challenges. Introduced in 1992, it was revised in 2020 with the New Federal Act on Data Protection (nFADP), set for implementation in September 2023. The nFADP focuses on protecting individual data, classifying genetic and biometric information as sensitive, and emphasizes principles like “Privacy by Design”. It aligns closely with the European GDPR, ensuring seamless data exchange between Switzerland and the EU.
Who does the FADP apply to?
The Federal Act on Data Protection (FADP) applies to organizations that process data of Swiss data subjects.
What happens if I don't comply with the FADP?
If you don’t comply with the Federal Act on Data Protection (FADP), there are several consequences:
- Enforcement by FDPIC: The powers of the Federal Data Protection and Information Commissioner (FDPIC) have been expanded. The FDPIC can initiate an investigation into a company either on its own initiative or upon notification. In the event of breaches of data protection regulations, the FDPIC can order measures such as the adjustment or suspension of data processing, or even the deletion of data.
- Civil Law Remedies: Under the revised FADP, data subjects have civil law remedies to enforce their claims. Changes made to the Civil Procedure Code stipulate that the relevant court proceedings are to be free of charge.
- Fines: In the event of intentional breaches of the revised FADP, such as failures to provide information, cooperate, or exercise due diligence:
- Private individuals may be fined up to CHF 250,000.
- In business operations, if identifying the offending persons would involve disproportionate effort, companies can be fined up to CHF 50,000. If a fine of no more than CHF 50,000 would be considered for such persons, they can also be fined.
When will the FADP go into effect?
The Federal Act on Data Protection (FADP) is set to go into effect on September 1, 2023. This date marks the implementation of the revised FADP along with the related Ordinance to the FADP, which is expected to be issued by the Federal Council.