When someone in Switzerland deals with personal data of European citizens, does s/he need to follow a specific procedure, or is compliance with Swiss law enough?
The GDPR requires a certain level of protection for cross-border personal data transfers involving European countries, listing and periodically controlling countries meeting the “adequacy standard”. In a report dated 15.01.2024, the European Commission found that Switzerland, along with 10 other countries, got approval for its increased data protection, providing adequate protection for personal data transferred from the EU (pt. 4.10).
Consequently, the respect of the new Swiss Data Protection Act is sufficient, and data transfers between Switzerland and the EU can occur without additional requirements.
Link to the report: