Ƶ

Data Protection Addendum Template for Switzerland

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your document

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Protection Addendum

I need a Data Protection Addendum that complies with Swiss data protection laws, outlines the responsibilities of both parties in handling personal data, and includes provisions for data breach notifications and data transfer restrictions outside of Switzerland.

What is a Data Protection Addendum?

A Data Protection Addendum is a legal agreement that adds specific data privacy rules to an existing contract. It spells out how companies must handle personal information when doing business together, following Swiss data protection laws and the Federal Act on Data Protection (FADP).

This agreement becomes crucial when Swiss companies share customer data with service providers or transfer information across borders. It covers key requirements like data security measures, breach notifications, and the rights of individuals whose data is being processed. Companies often use these addendums to maintain compliance and build trust with their partners and customers.

When should you use a Data Protection Addendum?

You need a Data Protection Addendum when sharing personal data with external partners, vendors, or service providers under Swiss law. This is especially important when working with cloud services, IT contractors, or any third party that processes customer information on your behalf.

Common triggers include outsourcing customer support, using marketing analytics tools, or storing data outside Switzerland. The addendum becomes essential when your existing contracts don't fully address FADP requirements for data protection. It helps prevent legal issues, maintains compliance with Swiss privacy laws, and protects both your company and your customers' sensitive information.

What are the different types of Data Protection Addendum?

  • Basic data transfer agreements focusing on domestic Swiss data flows
  • Cross-border Data Protection Addendums addressing international transfers, especially with EU countries
  • Industry-specific versions tailored to healthcare, banking, or tech sectors under FADP guidelines
  • Standard contractual clauses (SCC) based addendums for high-risk data processing
  • Simplified versions for SMEs handling limited personal data

Who should typically use a Data Protection Addendum?

  • Data Controllers: Swiss companies who collect and determine how personal data is used, often initiating the need for a Data Protection Addendum
  • Data Processors: Service providers, vendors, or contractors who handle data on behalf of controllers
  • Legal Teams: Internal counsel or external law firms who draft and review these agreements for compliance with FADP
  • Privacy Officers: Specialists who oversee data protection practices and ensure addendum requirements are met
  • Compliance Managers: Professionals who monitor adherence to the addendum's terms and Swiss privacy regulations

How do you write a Data Protection Addendum?

  • Data Inventory: Map out what personal data you handle, where it's stored, and how it flows between parties
  • Risk Assessment: Identify sensitive data categories and potential compliance gaps under FADP
  • Partner Details: Gather information about data processors, their locations, and their security measures
  • Processing Scope: Define exactly what data processing activities will occur and for what purposes
  • Security Standards: Document required technical and organizational measures for data protection
  • Review Process: Outline how data protection compliance will be monitored and reported

What should be included in a Data Protection Addendum?

  • Scope Definition: Clear description of data types, processing activities, and purposes under FADP
  • Processing Terms: Detailed obligations for data handling, security measures, and confidentiality
  • Data Transfer Rules: Requirements for cross-border data transfers and safeguards
  • Security Measures: Technical and organizational measures for protecting personal data
  • Breach Protocol: Procedures for reporting and handling data breaches
  • Audit Rights: Terms for monitoring compliance and conducting assessments
  • Termination Provisions: Rules for data return or deletion when agreement ends

What's the difference between a Data Protection Addendum and a Data Processing Agreement?

A Data Protection Addendum differs significantly from a Data Processing Agreement in several key ways, though both deal with personal data handling under Swiss law. The main distinction lies in their fundamental purpose and application.

  • Primary Function: A Data Protection Addendum modifies an existing contract to add privacy provisions, while a Data Processing Agreement stands alone as a complete agreement specifically focused on data processing activities
  • Scope and Flexibility: Addendums are typically more flexible and can be tailored to supplement various types of contracts, whereas Processing Agreements follow a more standardized structure under FADP
  • Implementation Timing: Addendums are often added to contracts after they're already in effect, while Processing Agreements are usually established before any data processing begins
  • Legal Standing: Processing Agreements are mandatory for certain types of data processing relationships, while Addendums can be optional supplementary safeguards

Get our Switzerland-compliant Data Protection Addendum:

Access for Free Now
*No sign-up required
4.6 / 5
4.8 / 5

Find the exact document you need

No items found.

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

ұԾ’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ұԾ’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.