Data Protection Impact Assessment Made Simple
The free tool for Swiss companies to check DPIA requirements and conduct assessments under the revised FADP. Know in minutes if you need a DPIA.
Do These Challenges Sound Familiar?
The revised FADP presents new requirements for Swiss companies
DPIA Requirement Uncertainty
When exactly is a Data Protection Impact Assessment required under Art. 22 FADP? The criteria are often unclear.
Complex Documentation
DPIA documentation is time-consuming and requires structured processes and solid data protection knowledge.
Swiss vs. EU Regulations
The Swiss FADP differs from the GDPR. Existing EU tools often don't fit Swiss requirements.
Everything You Need for DPIA Compliance
Built specifically for Swiss data protection law requirements
DPIA Decision Wizard
Determine in minutes whether you need a DPIA under Art. 22 FADP.
- Based on Art. 22 FADP
- Exportable decision documentation
Vendor Collaboration
Invite your technology vendors to complete data protection questionnaires directly.
- Structured questionnaires
- Automatic notifications
Document Generation
Automatically generate compliant DPIA documents for your records.
- FADP-compliant templates
- PDF export for audits
How It Works
Three simple steps to DPIA compliance
Check DPIA Requirement
Answer a few questions about your data processing and instantly find out if a DPIA is required.
Involve Vendors
Invite your technology providers to input data protection relevant information directly.
Generate Documentation
Automatically generate complete DPIA documentation for your compliance records.
Who Is This Tool For?
Designed for Swiss organizations across all industries
SMEs
Small and medium enterprises introducing new technologies or AI systems.
Public Administration
Government agencies and cantonal administrations with heightened data protection requirements.
Healthcare
Hospitals, clinics, and healthcare providers processing sensitive patient data.
Finance
Banks, insurers, and financial service providers with regulatory obligations.
Trusted and Up-to-Date
Frequently Asked Questions
Answers to the most important questions about DPIA
A DPIA is a systematic assessment of the impact of a planned data processing activity on the protection of personal data. It is required under Art. 22 of the Swiss Data Protection Act (FADP) when data processing is likely to result in a high risk to the personality or fundamental rights of the data subject.
A DPIA is required under Art. 22 FADP when personal data processing may result in a high risk to the personality or fundamental rights of the data subject. This is particularly the case for extensive processing of sensitive personal data, systematic monitoring of extensive public areas, high-risk profiling, or automated individual decisions.
The Swiss FADP and European GDPR have similar concepts but differ in details. The Swiss FADP refers to specifically Swiss criteria in Art. 22. Additionally, Swiss companies must also follow the recommendations of the FDPIC (Federal Data Protection and Information Commissioner).
The controller (the company or organization that determines the purposes and means of data processing) is responsible for conducting the DPIA. In practice, this is often coordinated by the Data Protection Officer or a specialized department, involving specialist departments and external experts as needed.
Failing to conduct a required DPIA constitutes a violation of the FADP. This can lead to sanctions, including fines of up to CHF 250,000 for natural persons in case of willful violation. The FDPIC can also order measures and issue public warnings.
Ready for Your DPIA?
Get notified about new features and regulatory updates.
We only use your email for product updates. No spam.