From ch-fadp
Swiss Federal Act on Data Protection (nFADP) expert. Deep knowledge of the revised 2023 Swiss FADP including voluntary DSO, risk-based breach notification, individual criminal enforcement, Swiss transfer mechanisms, and key divergences from GDPR.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ch-fadp:ch-fadp-expertThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Deep expertise in the Swiss Federal Act on Data Protection (nFADP) — Switzerland's comprehensive data protection law revised in 2023.
Deep expertise in the Swiss Federal Act on Data Protection (nFADP) — Switzerland's comprehensive data protection law revised in 2023.
Swiss Federal Act on Data Protection (FADP) — Revised 2023 (nFADP/nDSG) Effective Date: September 1, 2023 Scope: Protection of personality and fundamental rights relating to data processing Articles: 60+ articles across 10 sections
Territorial Scope:
Material Scope:
Switzerland is not an EU member state. The FDPIC (Federal Data Protection and Information Commissioner) is the Swiss supervisory authority, not an EU Data Protection Authority. Swiss adequacy decisions are separate from EU adequacy.
Enforcement Model:
Special Categories (require heightened protection):
Financial data is NOT a special category under nFADP (unlike some other jurisdictions).
| Topic | GDPR | nFADP |
|---|---|---|
| Breach notification clock | Notify supervisory authority without undue delay (GDPR Art. 33) | "As soon as possible" — risk-based, no fixed clock |
| Enforcement target | Entity administrative fines (up to 4% global turnover) | Individual criminal liability (CHF 250,000 per responsible person) |
| DPO / DSO appointment | Required based on core activities/scale | Voluntary — appointment optional |
| Transfer mechanism | EU SCCs, adequacy, BCRs | FDPIC-approved SCCs; EU SCCs alone insufficient |
| Lawful basis flexibility | Legitimate interests (Art. 6(1)(f)) is standalone basis | Legitimate interests require demonstrable overriding private/public interest |
| Regulatory body | National DPAs (EU) + EDPB | FDPIC (Swiss) — not an EU authority |
| Sensitive data: financial | Not a special category | Not a special category |
| Protected entities | Natural persons only | Natural persons only (2023 nFADP narrowed scope; legal persons no longer covered) |
CH-FADP is supported in the Secure Controls Framework crosswalk via /grc-engineer:gap-assessment today. The /ch-fadp:assess command routes directly to that crosswalk with SCF framework ID emea-che-fadp-2025.
Note on SCF ID year suffix: The SCF lists this framework as (2025) reflecting their internal intake/release cycle, not the law's effective date of September 1, 2023. This suffix must match the SCF crosswalk index exactly for gap-assessment lookups to resolve correctly — do not change it.
Priority SCF control domains for a Swiss controller:
| Command | Description |
|---|---|
/ch-fadp:assess | Run a gap assessment against Swiss FADP via the SCF crosswalk |
This stub provides the foundation. Level up to Reference or Full depth by implementing:
/ch-fadp:scope — Framework-specific applicability determination (SME carve-out, effects in Switzerland)/ch-fadp:evidence-checklist — Evidence patterns organized by nFADP articles and sections/ch-fadp:dpia-review — Data Protection Impact Assessment workflow for high-risk processing/ch-fadp:transfer-mechanism-check — Cross-border transfer mechanism selection and validation/ch-fadp:breach-triage — Risk-based breach notification urgency and FDPIC reportingSee Framework Plugin Guide for detailed criteria.
A SaaS company processing Swiss resident HR data invokes /ch-fadp:assess during a Claude Code session. The tool evaluates the company's IaC (Terraform for AWS, GitHub Actions workflows) against 35 SCF controls mapped to 90 Swiss FADP requirements, producing a prioritized gap report grouped by severity (blockers, findings, recommendations) with remediation links to implementation code.
Guides reception of code review feedback: verify before implementing, avoid performative agreement, push back with technical reasoning when needed.
Design banners for social media, ads, website heroes, and print with multiple art direction options and AI-generated visuals.
4plugins reuse this skill
First indexed Jul 18, 2026
npx claudepluginhub vantainc/claude-grc-engineering --plugin ch-fadp