Data privacy is enshrined in the Swiss Federal Constitution. On a legislative level, data protection is mainly governed by the FADP, the FDPO and the DPCO. Various other Swiss laws contain data protection rules relevant for specific fields of application. For example, the Swiss Civil Code protects various aspects of individual personality rights, and the Swiss Code of Obligations contains special rules on personality rights and data protection within the employment relationship.
As Switzerland is neither a member of the European Union (EU) nor a member of the European Economic Area (EEA), EU law is not directly applicable in Switzerland (however, bilateral and multilateral international agreements ratified by Switzerland may contain regulations relating to data privacy). EU data protection laws are nevertheless relevant from a Swiss perspective. In particular, due to the extraterritorial scope of the EU General Data Protection Regulation (GDPR), the GDPR extends to organisations located outside the EU if they process personal data of individuals within the EU while offering goods or services or monitoring their behaviour. Therefore, most Swiss companies that target the EU or EEA must comply with the GDPR.