Employee Data Privacy

Switzerland - Breach Notification

 Download as a PDF

Are there any data breach notification requirements? 


A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.


Under Swiss law, there is no obligation to notify the supervisory authority or individuals impacted by data breaches. However, in certain cases, it is recommended to notify the Federal Data Protection and Information Commissioner (FDPIC) (e.g. where sensitive data is affected or where the privacy of a large number of data subjects may have been breached).


Under the revised Data Protection Act, going into effect on September 1, 2023, employers and other data controllers will be obligated to notify the FDPIC, as soon as possible if there is a data breach that creates a high risk to data subjects.

In addition, the principle of good faith can result an obligation to inform employees, other data subjects and relevant third-parties when there has been a personal data breach. When notifying individuals, include steps they can take to protect themselves and otherwise minimize risk (such as changing passwords).


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk