The DSG applies to the processing of personal data of natural persons by private individuals and federal bodies. Unlike the GDPR, the DSG does not apply to legal persons. A deliberate Swiss legislative choice. The revised law introduced enhanced requirements for data processors (Auftragsbearbeiter), mandatory data breach notifications to the FDPIC (Federal Data Protection and Information Commissioner) under Art. 24, strengthened data subject rights including a right of access (Art. 25), and a duty to maintain a register of processing activities (Art. 12).
Key articles relevant to document processing include Art. 6 (data processing principles: proportionality, purpose limitation, accuracy), Art. 7 (privacy by design and by default), Art. 8 (data security, requiring appropriate technical and organizational measures), and Art. 16-17 (cross-border data transfers requiring adequate protection). Violations of core provisions now carry criminal penalties of up to CHF 250,000 against the responsible natural person. A sharp departure from the GDPR's administrative fine model targeting organizations.
For law firms and legal departments, the DSG has direct workflow implications. Client files contain sensitive personal data (Art. 5(c), health data, data on criminal proceedings). Sharing documents with opposing counsel, courts, or third-party service providers constitutes data disclosure requiring a legal basis. Document anonymization before publication or sharing is a primary compliance mechanism.
DocIQ's products are designed with DSG compliance in mind. Sphere operates on CH/EU-hosted infrastructure with organization-scoped data access, satisfying Art. 8 data security requirements. Shield's zero-persistence architecture means personal data in documents is never stored, eliminating retention obligations under Art. 6(4) and simplifying breach notification analysis, because there is no stored data to breach.