ABSTRACT
A major revolution in data protection legislation took place when the European Union (EU) introduced the General Data Protection Regulation (GDPR) in 2018. Consequently, it was expected that non-EU States collaborating closely with the EU would follow suit with updates to their own national regulations. This was notably the case in Switzerland with the implementation of the new Swiss Federal Act on Data Protection (FADP) on September 1, 2023. The impact of the changes induced by these new pieces of legislation extends beyond conventional data-driven or tech businesses, affecting all types of companies, as well as foundations and associations (“charities”) and social enterprises. Indeed, even entities driven by public utility and nonprofit motives have to learn to navigate the complexity of the new data protection frameworks. For charities, the impact is particularly important when they process sensitive personal data (notably those of their beneficiaries), which is often the case in sectors related to health, humanitarian action, or the protection of gender minorities, victims, or persecuted individuals. The present chapter delves into the challenges currently confronting charities within this new and evolving regulatory environment, with a special focus on Swiss-based charities. It seeks to shed light on the GDPR's impact on non-EU entities, and on the specificities of the new FADP, emphasizing the importance of considering the distinctive nature and activities of these charitable entities. While tackling the implications of this new legal landscape might be a challenge for charities, especially given the unique features of these entities and their purpose, compliance with data protection rules might become both a requirement for effective operations and an opportunity to improve their positive impact.
