Security Requirements and Breach Notification
Do data privacy laws or regulations impose obligations to maintain information security controls to protect personal data from unauthorized access or processing?

Last review date: 11 December 2024

Yes.

☒  general obligation to take appropriate / reasonable technical, physical and/or organizational security measures

☒  requirement to undertake third party due diligence (security assessment of third party providers)

Do other laws or regulations impose obligations to protect systems from cyberattack?

Last review date: 11 December 2024

Yes, certain sector-specific laws contain specific data security obligations. The Information Security Act requires governmental bodies and public companies to protect against cyberattacks.

☐  public company obligations (e.g., duties to maintain sufficient information security measures or ensure operational resilience to cyberattacks)

☐  network information security requirements (broader than telecommunications)

☒  health regulatory requirements

☒  financial services requirements

☒  telecommunication requirements

☒  other: there are further sector-specific laws.

Has there been regulatory activity – including enforcement action, investigations, regulatory guidance or other public statements by the regulator – relating to cybersecurity by the following regulators in the last 12 months?

☐  data privacy

☒  Securities or public company

☒  network information security

☒  health

☒  financial services

☒  telecommunications

☒  critical infrastructure

The Federal Data Protection and Information Commissioner has investigated the data processing of companies that suffered a security breach. In general, however, Swiss regulators are currently not (yet) very active in the case of cybersecurity incidents.

Does data privacy or cybersecurity law impose obligations to make notifications about personal data security breaches?

Last review date: 26 December 2024

Yes.

Controllers/Owners have to notify:

Last review date: 26 December 2024

☒  data protection authorities

☒  affected individuals

Processors/Agents have to notify:

Last review date: 26 December 2024

☒  controller / owner

Are there any additional sector-specific or non-personal data security breach notification requirements?

Last review date: 26 December 2024

☒  cybersecurity authorities

☒  health regulatory requirements (e.g., to notify incidents affecting safety of medical devices)

☒  financial services requirements