Understanding FDPIC Investigations of Data Protection Violations

Sep 7, 2023

In September 2023, the Federal Data Protection and Information Commissioner (FDPIC) released an updated factsheet outlining the process of investigating violations of data protection regulations in Switzerland. This article provides a summary of key insights from the FDPIC’s guidance on Articles 49-53 of the Federal Act on Data Protection (FADP).

Reason and Purpose of the Investigation

Under the FADP, the FDPIC is responsible for ensuring compliance with data protection regulations. The FDPIC initiates investigations when there are “sufficient indications” that a data processing activity may violate these regulations. Investigations aim to establish the facts and assess whether a violation has occurred. If a violation is confirmed, the FDPIC can impose administrative measures.

Informal Preliminary Enquiries

Before launching a formal investigation, the FDPIC may conduct informal preliminary inquiries to determine if an investigation is necessary. This phase helps clarify whether the potential violation merits a full investigation, and it allows for quick resolution in some cases.

Legal Status of Reporting Parties

Reporting a potential violation is essential, and it can be done by data subjects, third parties, or the FDPIC itself. Reporting parties may or may not have the status of a party in the investigation proceedings, depending on their role and involvement in the case.

The FDPIC’s Duty to Investigate

The FDPIC must investigate significant violations of data protection regulations, but it has the discretion to decide not to investigate minor violations. The determination of “minor importance” is somewhat subjective but guided by ensuring an adequate level of data protection.

Investigation Proceedings

Investigation proceedings follow the Federal Act on Administrative Procedure (APA) and include cooperation from the party involved. The party has specific rights throughout the investigation, such as the right to a fair hearing and access to files.

 

Recent news

Position paper on GDPR Evaluation 2024

Position paper on GDPR Evaluation 2024

This paper highlights how, from the perspective of data protection practitioners, the business sector –
particularly small and medium-sized enterprises (SMEs) – can be better supported in meeting data
protection requirements within the context of increasing digitization.

read more