What the new Swiss Data Protection Act means for your website

Switzerland's new Data Protection Act (DPA) will come into force on September 1, 2025. This reform considerably strengthens the protection of Swiss residents' personal data and aligns with the famous European RGPD that you're probably already familiar with. But what does this Swiss DPA mean for your website?

The 4 key obligations of the Swiss DPA for your website

Here's what you need to know if you run a website:

• You must obtain users' consent before collecting their personal data. Under the new law, this includes names, emails, IP addresses and payment information. You must clearly explain why you are collecting this data and how you intend to use it.

For example, if you're collecting emails for your newsletter, say so clearly! Also specify how your subscribers can unsubscribe. If you track IP addresses, explain why you track activity on your site. Transparency is your best ally in the face of these new requirements!

• You must inform users of their rights regarding their data. Under the Swiss DPA, these rights include access, rectification, erasure, restriction of processing, portability and opposition to processing. Offer a simple way to exercise these rights.

A good practice? Create a dedicated page where your users can consult, modify or delete their data. At Smart Impact, we always set up an easy-to-access form so that users can exercise their rights in just a few clicks.

Safety and documentation: unavoidable obligations

• You need to take your users' personal data seriously. The new legislation requires strong passwords, encryption of sensitive data and adequate physical protection.

How does it work? Protect your site and customer database with complex passwords. Encrypt sensitive data such as credit card numbers. Don't forget physical security measures such as cameras or alarm systems to protect your premises and servers.

• You must keep detailed records of your processing activities. By law, this document must specify what data you collect, why you process it, who has access to it and how long you keep it.

For example, keep an up-to-date list of people who have access to your customer database. Document every collection or processing of personal data. I know it sounds tedious, but it's essential for compliance!

The concrete benefits of the new Swiss DPA

Despite the constraints, this new law offers real advantages:

• It reinforces users' rights. With this reform, your customers now have more control over their personal data. They can access, rectify, delete, limit processing, transfer or object to the processing of their information. This is a great thing for digital confidence!
• It sets deterrent penalties. Non-compliant companies face fines of up to 20 million Swiss francs or 4% of worldwide sales. These sanctions are a strong incentive to respect personal data.
• It enhances Switzerland's image. This legislation shows that the country takes data protection seriously. A real asset for Swiss companies working with the European Union or other countries with similar laws.

How do you comply with the new legislation?

I'm not going to lie to you: the penalties for non-compliance with the Swiss Data Protection Act are scary! Up to 20 million Swiss francs or 4% of worldwide sales. In other words, it's best to be seriously prepared.

Here are my tips to help you get up to speed:

• In-depth analysis of your current data protection practices
• Update your privacy policies and procedures to meet new requirements
• Raise awareness and train your teams in these regulatory changes
• Invest in compliant safety measures
• Create and update your data processing register

By following these recommendations, you'll not only protect your users' data, you'll also avoid the heavy penalties laid down by law. It's a win-win situation!

Practical solutions for WordPress and PrestaShop

Good news for WordPress and PrestaShop users! There are a number of plugins that can help you comply with the new Data Protection Act. These tools help you collect consent, manage users' rights and effectively protect their personal data.

Here are two particularly effective plugins we recommend:

• GDPR Cookie Consent for WordPress - easy to configure and compatible with Swiss requirements
• GDPR for PrestaShop - an official solution adaptable to the Swiss context

These plugins are easy to install and enable you to quickly comply with the requirements of the new legislation. In just a few hours, you can already have the essentials in place!

Need help with the new HPA? We're here to help!

Feeling overwhelmed by all these new demands? Don't worry! At Smart Impact, we work with companies on a daily basis to help them comply with the Swiss Data Protection Act. Our team is fully conversant with the subtleties of this reform, and can offer you solutions tailored to your specific situation.

Don't wait until the last minute to prepare for this important deadline. Contact us today to discuss your needs and work out a tailor-made compliance strategy. Data protection isn't just a legal obligation - it's also a confidence-building measure for your customers!

Mehdi B.

Co-founder of Smart Impact.Passionate about the web from the outset, he launched his first project in 2006: an online music magazine that is still running today. With almost 20 years' experience in SEO, a federal diploma in marketing and a solid geek culture, he and his team transform customers' (sometimes vague) ideas into concrete digital projects.