Basic↦Ethics and Laws↦Swiss Law↦Data Protection Act
What is it? Why is it important?
The Federal Act on Data Protection (FADP) aims to protect the privacy and fundamental rights of persons from whom data is being processed.
The FADP regulates data processing:
- That entails the collection, storage, use, revision, disclosure, archiving, or destruction of data
- By private persons (natural and legal persons) and federal bodies
The Federal Council designates a Federal Protection and Information Commissioner (FDPIC). He / she:
- Is a competent authority on data protection and principle of freedom of information
- Advises private citizens on how to gain access to official documents
- Advises administrative authorities and federal departments on FADP implementation
For data transfer outside of Switzerland, Annex 1 of the DPO contains a list of States with adequate data protection legislations in place. The FDPIC has concluded (8th Sep 20) that the US-Swiss data protection shield is not adequately robust. Data transfers to the US should be avoided, unless covered by additional protective measures.
More
FDPIC tasks also include to:
- Supervise federal bodies
- Advise and supervise private bodies
- Assist federal and cantonal authorities on data protection
- Provide opinion on draft confederation legislation
- Provide opinion on code of conduct submitted by professional, industry and trade associations
- Consult on high-risk data protection activities
- Investigate violations of data protection regulations
- Cooperate with data protection authorities in Switzerland and abroad
- Inform the public on findings and recommendations
- Maintain and publish the Register for Data Files
What do I need to do?
As a SP-INV and Site-INV handling data from study participants, you are required to know and comply with the FADP act.
Additional data protection requirements auxiliary to the FADP inlcude::
- The Data Protection Ordinance (DPO)
- The Ordinance on Data Protection Certification (DPCO)
- Explicit cantonal data protection laws, which regulate data handling in the respective Swiss cantons. Ensure to include and check the applicable cantonal data protection requirements relevant to your study
Comparable to the federal level, each canton nominates a Protection and Information Commissioner (cantonal-PIC).
The General Data Protection Regulation (GDPR) is the privacy and security law of the EU. The GDPR applies:
- To EU residents at a Swiss study site, if the study was advertised in an EU country
- At EU study sites in a multi-centre Swiss / EU study
- When study data are collected and/or processed in an EU country
More
Read the FADP law and based on your study:
- Be familiar with the organisation of the various chapters and sections
- As applicable, tag articles you are required to comply with
- Ensure to include and check the applicable cantonal data protection requirements relevant to your study
- Check out data protection requirements on the swissethics website regarding information handed out to study participants
Where can I get help?
Your local CTU↧ can support you with experienced staff regarding this topic
Basel, Departement Klinische Forschung, CTU, dkf.unibas.ch
Lugano, Clinical Trials Unit, CTU-EOC, www.ctueoc.ch
Bern, Clinical Trials Unit, CTU, www.ctu.unibe.ch
Geneva, Clinical Research Center, CRC, crc.hug.ch
Lausanne, Clinical Research Center, CRC, www.chuv.ch
St. Gallen, Clinical Trials Unit, CTU, www.kssg.ch
Zürich, Clinical Trials Center, CTC, www.usz.ch
References
GDPR – Data Protection Regulation of the EU
Swiss Law
FADP – see in particular articles
- Art. 1 Purpose
- Art. 2 Scope
FDPIC – Information on data protection in Switzerland
DPO - Data Protection Ordinance