Skill

legalcode-ch-ndsg-compliance

Switzerland revised Federal Act on Data Protection (nDSG / revDSG / FADP, SR 235.1, in force 1 September 2023) compliance assessment. Use when an organisation needs to determine nDSG applicability, assess compliance posture against processing principles, information obligations, DPIA requirements, breach notification to the FDPIC, cross-border transfer safeguards, data processing agreement requirements, and criminal sanction exposure. Covers: processing principles (Art. 6 nDSG), privacy by design/default (Art. 7), data security (Art. 8), processor contracts (Art. 9), ROPA (Art. 12), foreign representative (Art. 14), information obligations (Arts. 19–21), DPIA and prior FDPIC consultation (Arts. 22–23), breach notification threshold and timeline (Art. 24), data subject rights including access and portability (Arts. 25–28), cross-border transfers and Federal Council adequacy list (Arts. 16–17, Annex 1 DPO), criminal sanctions on natural persons (Arts. 60–62), cantonal law variations, and GDPR comparison for EU-facing operations. Produces compliance assessments with COMPLIANT/PARTIAL/NON-COMPLIANT/CRITICAL classifications, prioritised remediation roadmaps, FDPIC notification readiness checklists, and criminal liability exposure analysis. Jurisdiction: Switzerland (federal nDSG) with cantonal variation notes.