Switzerland · Transparency & Data Protection

Swiss transparency and data protection, in one platform

AccessPoint runs Transparency Act access requests and the revised Data Protection Act (nFADP) together — the 20-day clock, FDPIC mediation, breach notification, and DPIAs — multilingual across German, French and Italian, inside your own Microsoft 365 tenant.

Switzerland at a glance

Response deadline
20 days for the authority's position, extendable by 20 for complex or voluminous requests (FoIA Article 12)
Mediation
Request to the FDPIC within 20 days of a refusal; a written recommendation follows within 30 days
Access fees
Generally free; small requests are waived, with a capped fee only where a request requires significant effort
Breach notification
To the FDPIC as soon as possible (nFADP Article 24) — no fixed 72-hour rule
Impact assessments
Data protection impact assessment required for high-risk processing (nFADP Article 22)
Oversight
Federal Data Protection and Information Commissioner (FDPIC)
Languages
German, French and Italian

Built for Switzerland

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

Transparency Act requests

Intake to disclosure on the 20-day clock, with the Article 12 extension, the exceptions to access, third-party consultation, and a defensible record, all built on Microsoft 365.

FDPIC mediation

When access is refused, run the free mediation the Act provides — the request to the FDPIC within 20 days, the written recommendation, and the authority's ruling appealable to the Federal Administrative Court.

Revised FADP subject rights

Run access requests under Article 25 of the nFADP, with identity checks and the redaction of third-party data, beside your transparency requests in one system.

Breach notification to the FDPIC

Log a data security breach and get a live checklist of what must reach the FDPIC — reported as soon as possible under Article 24, without the GDPR's fixed 72-hour deadline.

DPIAs under Article 22

Run the data protection impact assessment the nFADP requires for high-risk processing — screeners, a guided questionnaire, an embedded risk register, and an exportable record.

Multilingual by default

Every interface element, notice, letter, and template is available in German, French and Italian, matching Switzerland's federal languages out of the box.

The 2023 data protection overhaul

The revised FADP modernised Swiss data protection. AccessPoint runs it beside the Transparency Act.

Since 1 September 2023, the revised Federal Act on Data Protection has required Swiss organisations to assess high-risk processing with a data protection impact assessment (Article 22), report data security breaches to the FDPIC as soon as possible (Article 24), and honour the right of access (Article 25) — backed by criminal fines of up to CHF 250,000 against responsible individuals. Most federal bodies already field Transparency Act requests. AccessPoint runs access requests, subject rights, DPIAs, and breach response on one platform, in your own tenant, multilingual across German, French and Italian.

DPIAs, Article 22 High-risk assessments with screeners and an embedded risk register.
Breach, Article 24 A live FDPIC checklist on the 'as soon as possible' standard.
DE / FR / IT Every notice and template in all three federal languages.

Configured out of the box

Installing the ch-transparency-dp configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • The Transparency Act (FoIA) and the revised FADP (nFADP) as the legal-authority spine
  • The 20-day access clock with the Article 12 extension, on Swiss calendars
  • The exceptions to access, with third-party consultation
  • FDPIC mediation and recommendation tracking, through to the authority's ruling
  • nFADP subject-request types — access (Article 25) and correction
  • Breach notification to the FDPIC on the 'as soon as possible' standard (Article 24)
  • Data protection impact assessments under Article 22 and the record of processing
  • Correspondence templates in German, French and Italian

Switzerland Questions

What deadline does the Swiss Transparency Act set?

The authority must state its position within 20 days of receiving an access request, extendable by a further 20 days for complex or voluminous requests (Article 12). If access is refused, the applicant can request free mediation from the FDPIC within 20 days. AccessPoint calculates the clocks and tracks the mediation through to the authority's ruling.

How does the nFADP differ from the GDPR on breaches?

The revised FADP requires notifying the FDPIC of a data security breach 'as soon as possible' (Article 24) rather than within a fixed 72 hours as under the GDPR. AccessPoint's breach calculator applies the Swiss standard and produces the FDPIC notification, with a full audit trail.

Is the platform multilingual?

Yes. AccessPoint ships in German, French and Italian — Switzerland's federal languages — so every interface element, notice, letter, and template can be presented in any of the three.

Where does Swiss data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud, no vendor access, and no cross-border transfer of your data.

Run Transparency and Data Protection in One Platform

Try AccessPoint free for 30 days, pre-configured for Switzerland. No credit card required.

Start Free Trial