nFADP vs GDPR: The technical and strategic guide for Web Agencies in Switzerland (2025)

nFADP vs GDPR: The technical and strategic guide for Web Agencies in Switzerland (2025)

Published by Thomas dans la catégorie Compliance Last update : 09.01.2026 à 12h28

Table of content

As a web or marketing agency director in French-speaking Switzerland, you walk a tightrope. On one side, your clients demand performance (leads, sales, ROAS). On the other, the legal framework has tightened with the nFADP (New Data Protection Law) and the European standards of the GDPR.

Ignoring compliance risks fines for your clients and, worse, losing their trust during an audit. But locking it down too tightly without a strategy kills data harvesting.

At A-Track, we believe that well-managed compliance is a business lever, not a brake. Here is your expert guide to navigate between Bern and Brussels without sacrificing tracking.

What are the nFADP and the GDPR? (Definition)

To begin, let’s lay the essential factual foundations to understand the technical stakes:

  • The nFADP (Switzerland): This is the Federal Act on Data Protection, which came into force on September 1, 2023. It aims to protect the personality and fundamental rights of individuals whose data is processed. It introduces criminal sanctions (up to 250,000 CHF) directly targeting executives.

  • The GDPR (Europe): The General Data Protection Regulation is the EU standard. It is extraterritorial: a Swiss company targeting European clients is subject to it.

The fundamental difference for agencies? Historically, the nFADP is more “flexible” on consent (the principle of possible Opt-out except for sensitive data), while the GDPR requires strict Opt-in (explicit consent before any tracking).

Why the

Want to secure your agency's website portfolio?

Don't let nFADP compliance be your agency's weak point. At A-Track, we audit and ensure compliance for your clients' websites in white label or direct partnership.

Schedule a meeting with a compliance expert at A-Track

Related services

Annual Maintenance

long-term support to keep your tracking up to date and maintain compliance over time

Learn more

Questions fréquemment posées

What is Google Consent Mode v2?
It is a mechanism that allows your Google tags (Analytics, Ads) to adjust their behavior based on the user's choice on the cookie banner. It has been essential since March 2024 to maintain advertising functionalities.

Who is responsible in case of a fine: the agency or the client?
The nFADP penalizes the natural person responsible within the company (the client). However, the agency's contractual liability may be engaged if it has failed in its duty of advice.

Is the cookie banner mandatory for a 100% Swiss site?
Technically, if the site does not process any sensitive data and does not engage in high-risk profiling, the nFADP does not always require an explicit banner. However, marketing tools (Google Ads, Meta Ads) require it in their terms of use. De facto, it is therefore mandatory for any commercial site.

Can I use a free plugin for compliance?
It is strongly discouraged. Free plugins are rarely updated in real-time with legal and technical developments (cookie list, TCF v2.2). A professional CMP like Cookie-Script automates the scanning and preventive blocking of cookies.