Académique Documents
Professionnel Documents
Culture Documents
JURISDICTIONAL SCOPE:
The data subject has its habitual residence in Switzerland, provided that the data
processor can anticipate that damage may be sustained in Switzerland.
The data controller or processor (as the potentially infringing party) is a Swiss resident.
Damage resulting from a data breach is sustained in Switzerland, provided that the
data processor can anticipate that damage may be sustained in Switzerland.
Additionally, any person that processes personal data must make certain that such data
is correct and complete (Article 5, DPA). Personal data must be protected against
unauthorised processing by appropriate organisational and technical measures (Article
7, DPA).
SECURITY REQUIREMENTS
Generally, the data controller must implement adequate technical and organisational
protection measures and ensure the confidentiality, availability and integrity of the data to
ensure an appropriate level of data protection. In particular, the data controller must
protect its systems against the following risks:
Criminal penalties
Anyone who willfully breaches professional confidentiality obligations relating to sensitive
personal data or personality profiles is liable to a fine (Article 35, Swiss Federal Data
Protection Act (DPA)). The maximum amount of the fine that can be imposed is
CHF10,000.
Civil remedies
Data subjects can file civil actions and request interim measures. Data subjects can
request that (Article 15, DPA):
Data processing be stopped.
No data be disclosed to third parties.
Personal data be corrected or destroyed.
Administrative remedies
The Commissioner can initiate administrative proceedings.