Avoid Fines. Stay Compliant. Focus on What Matters.
Your Reliable Partner for nFADP Compliance
The revised Swiss Federal Act on Data Protection (nFADP) has raised the bar — with stricter rules, clearer obligations, and personal liability for decision-makers. heyData helps you meet every requirement with expert support, smart tools, and a free digital compliance check.
Trusted by 1,500+ Companies Across Europe
Why nFADP Compliance Is Business-Critical
Increased Individual Liability
Executives and decision-makers can be held personally accountable — with fines up to CHF 250,000.
Stricter Documentation
The Federal Data Protection and Information Commissioner (FDPIC) may request detailed documentation at any time (e.g., if a violation is suspected).
Mandatory Transparency
Companies must provide clear and complete information about how personal data is collected, processed, and stored.
New Rules for Data Transfers Abroad
Personal data sent outside Switzerland (e.g., to U.S. cloud providers) must be protected with safeguards like SCCs and documented risk assessments.
How Does nFADP Compare to GDPR?
GDPR (EU)
nFADP (Switzerland)
Territorial Scope
Applies to companies based in the EU and to non-EU companies that process personal data of individuals residing in the EU
Applies to companies based in Switzerland and to non-Swiss companies that process personal data of individuals residing in Switzerland
Personal Liability
Fines issued to companies
Individuals (e.g. executives) can be personally fined (up to CHF 250,000)
Documentation Duty
Mandatory for most organizations
Mandatory for all organizations, regardless of size
Fines
Up to €20 million or 4% of global turnover
Up to CHF 250,000 per person responsible
What’s Included in Our nFADP Solution
Centralized Records for Seamless nFADP Compliance
Keep all required records up to date — Our platform ensures you're always prepared for an inquiry from the FDPIC — with complete, audit-ready documentation at your fingertips.
Contract Management and Vendor Oversight Made Easy
Stay compliant when working with external service providers — whether in Switzerland, the EU, or globally. We help you draft, manage, and monitor legally valid processor agreements.
Empower Your Team to Handle Data Responsibly
Under nFADP, your team must understand how to handle personal data. Our digital training course with a certificate ensures your employees meet legal awareness requirements — with minimal admin effort.
Hear it From Our Customers
"heyData impressed us with their digital software solution and expertise. Like us, heyData is a digital pioneer in a rather traditional and less digital industry. heyData is a strong partner for the BRZ Group."
Markus Schobert
Head of Customer Service at BRZ Gruppe
"heyData is a great help for us and makes the topic of data protection really easy. We are very satisfied with the digital audit, the online training and the customer support."
Leonard von Kleist
CTO & Co-Founder at Hive Technologies GmbH
"I value this feature for its ability to simplify supplier risk assessment. It is an indispensable tool for anyone dealing with data compliance in the European Union and Switzerland."
Jan Stephan
Head of Legal Affairs at Learnship
"As a customer, we have only had good experiences with heyData's support and communication. Questions were answered in detail, responses were always prompt and personal 1-1 support is also no problem."
Roman Georgi
Director Of Customer Support at AMBOSS
“What sets heyData apart is its responsiveness and rapid implementation.”
Sandra Scherzer
Legal department at Bioland
"We always receive competent and prompt advice from heyData and have so far been able to find a satisfactory solution to every question relating to the GDPR or data protection in general."
Nikolai
CTO at Instaffo GmbH
Ready to simplify your nFADP compliance?
How It Works: Your nFADP Compliance Roadmap
1
Get to Know Us
Book a free consultation and let’s talk about your company’s specific compliance needs. No obligation, just clarity.
2
Get a Tailored Offer
Based on your requirements, we’ll provide a custom recommendation from our transparent pricing packages — Starter, Professional, or Enterprise.
3
Complete Your Digital Audit
Our guided audit walks you through all nFADP-relevant areas of your business — step by step, with zero legal jargon.
4
Rely on Our Expert Support
From legal questions to technical setup, our team of data protection experts is here whenever you need us.
FAQ
The revised Data Protection Act (nFADP) has been in force since September 1, 2023. It obliges companies to process personal data under the law, ensure transparency, and implement appropriate technical and organizational measures (TOMs).
Important: Companies based abroad that process data of individuals in Switzerland are also affected. Violations can result in fines and reputational damage for companies and responsible individuals.
Unlike the GDPR, data processing is generally permitted under the nFADP and does not require approval or consent, as long as it is carried out lawfully. The Swiss Data Protection Act imposes strict requirements on the processing of personal data. Above all, data processing must not unlawfully infringe on the privacy of the data subject (Art. 30 nFADP).
A data protection officer (such as an external DPO) is not required by law—but in many cases it is strongly recommended, e.g., for extensive data processing, international data transfers, or a lack of internal expertise.
At heyData, we offer you exactly that: an experienced, certified external DPO who protects your company without you having to build up internal resources.
In such cases, a representative must be appointed in the EU if personal data of individuals in the EU is affected. Similarly, a representative must be appointed in Switzerland if a foreign company processes data in Switzerland.
The most important differences and similarities between the European General Data Protection Regulation (GDPR) and the new Swiss Federal Act on Data Protection (FADP) are listed below.
- Scope: The GDPR applies to all companies based in the EU, as well as to companies outside the EU that offer goods or services in the EU or monitor the behavior of EU citizens. The DSG applies analogously only to companies based in Switzerland or that process data of individuals in Switzerland.
- Data Protection Officer (DPO): The GDPR requires companies that carry out certain types of data processing to appoint a data protection officer. The DSG does not have an explicit requirement for a data protection officer, although it recommends that organizations that regularly process personal data appoint one.
- Rights of data subjects: Both laws grant data subjects similar rights, including the right to access, rectify, erase (“right to be forgotten”), restrict processing, data portability, and object to processing.
- Consent: Both laws require informed, specific, voluntary, and unambiguous consent as a prerequisite for the lawfulness of personal data processing, with both the DSG and the GDPR imposing special requirements on the processing of special categories of data.
- Data transfer outside Switzerland/the EU: Both laws contain provisions on the transfer of personal data outside Switzerland or the EU. However, the countries to which personal data may be transferred based on adequacy decisions may differ, with both laws providing for standard contractual clauses as a means of data transfer.
Finally, it should be noted that despite the differences between the GDPR and the DSG, Switzerland is committed to ensuring a level of data protection comparable to that in the EU to facilitate the free movement of data between Switzerland and the EU. However, the exact details and differences may vary depending on the precise interpretation and application of the laws in specific situations.
We provide comprehensive support for all requirements of the revDSG:
- Conducting a risk analysis and initial data protection audit
- Preparing and maintaining all legally required documents (guidelines, VVT, TOMs, etc.)
- Training for employees
- Communication with data protection authorities
- Ongoing compliance updates in the event of changes to the law
- Personal advice from our specialized attorneys
Unlike law firms, we offer not only a full consultation, but also the correct implementation of the nFADP requirements and ongoing support—digitally, efficiently, and scalably.
Finally, compared to in-house solutions, you don't need extra training costs, additional staff, or time-consuming internal coordination.
Yes. Whether you are an IT service provider, e-commerce company, SaaS provider, healthcare provider, or manufacturer, we tailor our documents, recommendations, and approach to your business model.