The Revamped Swiss Data Protection Act: Key Insights for SMEs & Medical Practices

Nicolas Lagrèze

September 5, 2023

Switzerland recently underwent a monumental shift in its data protection paradigm with the introduction of the updated Data Protection Act (nFADP). This wasn’t just a mere amendment – it was a holistic transformation tailored to the intricacies of our digital age.

In a world where data is considered valuable, its protection has never been more critical. The new DSG (the act's German abbreviation) sets more precise guidelines, ensuring transparency and accountability in data handling practices.

For SMEs, these changes ushered in an era of enhanced clarity around data responsibilities. Meanwhile, for medical professionals, the revamped rules heightened the gravity around safeguarding patient data, with particular emphasis on sensitive information types such as genetic and biometric data.

What do these changes signify in practical terms for businesses and healthcare providers? Let’s unpack the implications and adjustments of this pivotal shift.

For SMEs: The Core Changes
1. Nature of Data Covered: The new act has narrowed its scope to cover only the data of natural persons. That means the data of corporations or other legal entities isn’t encompassed within these regulations.
2. Sensitive Data Expansion: Genetic and biometric data are classified as sensitive. Businesses handling such data types need to exercise heightened caution.
3. Embracing Privacy Principles:
– Privacy by Design: This isn’t just a buzz phrase but a core tenet of the new law. It emphasises that during the development phase of any product or service that gathers personal data, the privacy of users should be a foundational element.
– Privacy by Default: This principle mandates that when a new product or service is launched, the highest level of security should be active, with no need for user intervention. Every tech product or service should be pre-configured for maximum data protection.
4. Mandatory Processing Registers: Companies are now obligated to maintain a record of their data processing activities. However, there’s some relief for SMEs: if their data handling poses minimal risk to the users, they might be exempt from this.
5. Promptness in Reporting: Businesses need to swiftly notify the Federal Data Protection and Information Commissioner (FDPIC) if there’s a breach in data security.
6. Profiling Recognised: The act has embraced the modern age by formally introducing the concept of profiling – the automated handling of personal data – into the legislation.

Penalties: A Cautionary Note
With potential fines reaching up to CHF 250,000, compliance is not just best practice; it is financially prudent. The DSG also introduces the concept of personal responsibility, emphasising accountability at all levels of the organisation.

Global Reach, Local Impact:
No matter where your SME is headquartered, the DSG applies to you if you’re catering to Swiss customers. Your business location takes a backseat; what matters is where your clientele resides.

Medical Practices: A Closer Examination
While all businesses need to adhere to the new stipulations, some sectors face nuanced challenges. Medical practices stand out in this regard.

Enhanced Data Protection: With the inclusion of genetic and biometric data under sensitive data, practices need to be more diligent than ever.
Transparency with Patients: The Act necessitates clear communication to patients about how their data is used and shared.
Focused Data Management: The emphasis is on “Privacy by Design” and “Privacy by Default”, promoting data processing that is inherently safe and minimalistic.

Concluding Thoughts:
Adapting to the new Data Protection Act isn’t just about ticking off a compliance checklist—it’s a profound commitment to establishing trust. Whether you are navigating the world of SMEs or practising medicine, our evolving digital landscape demands rigorous data practices. In an era where a data breach can instantly tarnish a reputation built over years, there’s more at stake than ever. The foundation of any business or practice lies in the trust and confidence of its clientele, and ensuring their privacy has become paramount.

Furthermore, while regulatory adaptation sets a standard, it doesn’t negate unforeseen vulnerabilities. This is where cyber liability insurance steps in. Think of it as a safety net, protecting businesses from potential financial pitfalls that might emerge from data breaches or cyber threats. It’s an affirmation that you have a plan even if things go south. For medical professionals, where the sensitivity of patient data is unparalleled, this additional layer of protection can be invaluable.

So, as we venture deeper into our data-driven age, fortifying your data practices is not just a regulatory requirement but a strategic investment. It’s about safeguarding your brand’s integrity, prioritising your clientele’s privacy, and giving them the peace of mind they deserve. Consider cyber liability insurance, a proactive step towards risk management and another testament to your commitment to data security and trustworthiness.

Nicolas Lagrèze is the COO of Cyberion
