The current Swiss Data Protection Act (DPA) is twenty-five years old and a brand new law is being prepared by our federal authorities. It is not expected to enter into force before 2019. However the European General Data Protection Regulation (GDPR) will apply from 25 May 2018 and bring a few important changes to the current data protection regulation in Europe (more about the changes here, in French). This is why the question of the implementation of the GDPR in Switzerland must be addressed.
The new regulation is valid across all EU countries and directly applicable. Organisations and individuals can be fined if they do not adhere to the law: where minor breaches can be fined up to €10 Million or 2% of the annual worldwide turnover (choose the greatest), major breaches will be fined up to €20 Million or 4% of the annual worldwide turnover (choose the greatest). The question of a direct enforcement of the administrative measures and sanctions in Switzerland has yet to be answered. Furthermore national authorities will have the power to temporarily or permanently stop data processing.
Source : François Charlet