On a national level, data privacy is protected by the Swiss constitution. Data protection is mainly regulated in the Federal Data Protection Act (DPO), the Federal Data Protection Ordinance (DPCO) and the Federal Ordinance on Data Protection Certification. Various other Swiss laws contain data protection rules relevant for specific fields of application. The DPO is currently under revision. A preliminary draft of the DPA was published on 21 December 2016. Additional information about the revision is available here.
As Switzerland is neither a member of the European Union (EU) nor a member of the European Economic Area (EEA), EU law is in principle not directly applicable in Switzerland (please note, however, that applicable bilateral and multilateral international agreements ratified by Switzerland may contain regulations relating to data privacy). EU data protection laws are nevertheless relevant from a Swiss perspective, as such rules may be applicable to Swiss undertakings doing business in the EU. As we informed on 6 May 2016, a new EU General Data Protection Regulation (GDPR) will be applicable from 25 May 2018 and the GDPR will be directly relevant for many Swiss undertakings (see news 18.12.2015).