
GDPR Administrative Fines and Sanctions: How Will They Be Applied in Switzerland?

Sunday, 25 September, 2022

The General Data Protection Regulation (GDPR) is one of the most significant advances in data regulations in recent history. It has offered users more control over their data since it came into force.

The law has significantly influenced how corporations gather, keep, and manage data. Aside from its strong foundation and broad scope, the GDPR is famous for its hefty fines for infringing corporations.

Many enterprises located in non-EU nations struggle to comply with EU privacy laws. This includes businesses from nations like Switzerland with rather strict data privacy laws. As long as a Swiss organization is processing personal data that involves EU nations, it must be in compliance with the GDPR.  


How Are GDPR Fines Calculated?

If the supervisory authority determines that the violation is especially significant, here’s how the fines will be imposed:

Art. 83 of the GDPR sets out a tiered structure of sanctions that depends on the type and seriousness of the breach.

Tier 1 infractions might result in fines of up to 2% of annual sales or CHF nine million, six hundred sixty thousand, whichever is higher.

Tier 2 infractions might result in fines of up to 4% of yearly turnover or CHF nineteen million three hundred twenty-six thousand, whichever is higher.

The following factors are taken into account when determining whether to assess each person with an administrative fine and how much that fine will be:

  • The type of the breach, the extent of the harm, and the number of individuals impacted
  • Whether the oversight body has taken any action against the company for the infraction
  • The organization's damage control or preventative measures
  • The organization's prior instances of violations
  • The level of cooperation with the supervisory authority to address the problem
  • The type of personal data impacted
  • Whether and how much notification was made to the supervisory authority
  • Whether the infringement was accidental or deliberate
  • Financial advantages derived from the violation by the infringing organization
  • Technological and organizational measures used to safeguard people's data


Individuals impacted by the infringement in Switzerland may seek compensation for their losses under GDPR Article 82. They have the right to seek compensation through the courts. Unless the organizations can demonstrate that they are not accountable for the infraction, they must pay the compensation.


How Swiss Businesses Can Be GDPR Compliant

Not every GDPR violation results in consequences for data protection.

Since the Swiss FADP aligns with the GDPR, minor violations may call for:

  • Issuing admonitions and cautions
  • Imposing a prohibition on data processing, either temporary or long-term
  • Ordering the correction, limitation, or deletion of data
  • Halting the flow of data to foreign nations

If Swiss and other non-EU businesses want to conduct business in the EU, they must abide by the GDPR.

Follow these procedures to become GDPR compliant if you want to start operating in the EU:

  • Modify your privacy statement
  • Establish an EU Representative
  • Review your authorization processes
  • Adopt a plan to prevent data breaches


