Switzerland's revised Federal Act on Data Protection (nFADP), which came into force on 1 September 2023, has fundamentally changed the legal framework for employee screening. Here's what compliance teams need to know.
Key Changes Under nFADP
The nFADP introduces several principles that directly affect employee digital risk screening:
Proportionality
Data processing must be proportionate to the purpose. This means screening programmes must be targeted, not invasive. Premtrace's approach — using only publicly available data — inherently satisfies this requirement.
Purpose Limitation
Data collected for screening purposes cannot be repurposed for other uses. This requires clear documentation and governance frameworks around screening programmes.
Transparency
Employees must be informed about data processing activities, including digital risk screening. Most organisations address this through employment contracts and internal policies.
Data Minimisation
Only data that is necessary for the stated purpose should be collected. Premtrace screens public platforms — no private messages, no password-protected content, no data behind login walls.
Practical Implications for Compliance Teams
1. Legal Basis
Employee screening typically relies on the legitimate interest of the employer in operational risk management. For financial institutions, regulatory requirements (FINMA) provide an additional legal basis.
2. Documentation
Maintain a processing register that includes your screening programme. Document what is screened, how often, and what happens with findings.
3. Employee Notification
Include digital risk screening in your employment contracts or privacy notices. Be transparent about what is monitored and why.
4. Data Retention
Establish clear retention periods for screening data. Premtrace retains findings only for the reporting period and provides data deletion upon request.
Why Public Data Screening Is Compliant by Design
Premtrace's approach is inherently nFADP-compliant because it:
Next Steps
If you're implementing or reviewing an employee digital risk screening programme, contact us for a compliance review or start with a free pilot to see how the process works in practice.