What is revFADP and how does it differ from EU GDPR?

revFADP (revised Federal Act on Data Protection) is Switzerland’s data-protection law, in force since 1 September 2023. It replaced the 1992 FADP and is broadly “GDPR-equivalent” — the EU recognises it under an adequacy decision, so EU↔CH data flows continue freely.

Key Swiss specifics vs EU GDPR:

• Only natural persons are protected (EU GDPR also covers some legal-entity edge cases).
• Profiling has stricter explicit-consent rules.
• DPO appointment is voluntary (not mandatory like under EU GDPR Art. 37).
• Sector regulators on top — FINMA for finance, BAG for health.
• Penalties are applied to individuals (executives), not just companies.

We wire revFADP-compliant cookie consent, DSAR automation, retention rules in customer + sales_order, and a privacy notice in DE / FR / IT / EN.