The applicable law consists of the Federal Statute on Data Protection of June 19, 1992 and the Ordinance thereto. The law was recently revised, with the revision effective as of January 1, 2008. The law applies to the processing of any information relating to an individual or a legal entity that identifies that person or by which that person can be identified. Processing is any handling of personal data, e.g. procuring, safekeeping or editing it, irrespective of the means and procedures used (manual or automated).
Several principles must always be adhered to when personal data is processed. For example, the data processor must ascertain that the data processed is accurate, and adequate technical and organizational measures must be taken to protect personal data against unauthorized access by third parties.
Conceptually, data protection is part of the law on privacy. For this reason, the processing of personal data always requires a justification to be lawful. There are three types of justification: (1) the consent of the data subject to the data processing, (2) an overriding public or private interest in the data processing, or (3) a statutory obligation to process data.
The transfer of personal data to countries with a weaker level of data protection, such as the U.S., requires a special justification to be lawful, most importantly (1) the consent of the data subjects in the specific case, (2) a data transfer agreement, or (3) in the case of a group-internal transfer, group-internal data protection guidelines.
In certain situations of data processing, the data processor is under an obligation to register the respective data collection with the Federal Data Protection Commissioner. Further, if data collections are transferred to a country that lacks a level of data protection similar to that of Switzerland, the data processor may be obliged to inform the Commissioner about certain aspects of this data transfer. Yet the law gives the data processor some means to avoid these notification obligations, especially by implementing certain self-regulatory measures.
If personal data is processed unlawfully, the data subject has a number of remedies in civil law, most importantly a claim for disclosure and for the correction and/or destruction of the data. Damages are also available, even though they are rare in practice. Willful non-compliance with certain statutory obligations, e.g. the notification obligations mentioned above, can be punished with a fine.
Non-compliance with the data protection law is rarely sanctioned in Switzerland, either by way of a civil action or by way of a fine in criminal law. Irrespective of this, non-compliance with the privacy laws can considerably affect the reputation of a company. This should not be underestimated.
Most of the revisions of the data protection legislation as of fall 2007 can be allocated to one of the following two objectives: (1) more transparency when personal data is being processed and (2) the introduction of self-regulatory elements in compliance with the law.
This site has been prepared by
Christian Drechsler
Corporate Legal Advisor
Zurich Insurance Company
Mythenquai 2
8002 Zurich
Switzerland
E-Mail: christian.drechsler@zurich.com
March 08