Documentation of data processing activities under the revised Swiss Federal Act on Data Protection

The revised Swiss Federal Act on Data Protection (“RDPA”) will govern the processing of personal data by private companies in Switzerland as well as those established abroad whose personal data processing activities have an effect in Switzerland.

Companies will need to identify their processing activities and maintain a record of processing activities (“ROPA”). Companies with less than 250 employees and carrying out processing activities with limited risks will be exempted from this requirement.

If the processing of personal data by a company entails an elevated risk of infringing privacy or fundamental rights, a data protection impact assessment (“DPIA”) will need to be conducted.

To read further, click here.