GDPR compliance, data protection, cybersecurity, IT contracts and technology law.
Filter by specialisation
We're actively expanding our directory. In the meantime, use the lawyer wizard — it'll match you to the best available firm for your situation.
Use the Lawyer Wizard → Suggest a FirmLeading international law firm with strong English-speaking team specializing in corporate and commercial law
Prominent Swiss firm with extensive English-language corporate and IP practice; active 2024-2025
Geneva-based international firm with strong English-speaking practice; specializing in banking and finance
Full-service law firm with bilingual English teams across Switzerland; active in corporate and real estate
Zurich-headquartered firm known for bilingual English-speaking team in corporate and tax matters
Full-service law firm with significant English-language expertise in corporate and IP matters
GDPR applies to any organisation that processes personal data of EU residents, regardless of where the organisation is based. A data protection lawyer can advise on compliance.
Fines can reach €20 million or 4% of global annual turnover (whichever is higher). A data protection lawyer can help implement compliant processes to minimise risk.
Browse our verified directory of law firms across Switzerland's major cities. All listed firms offer English-language legal services to expats and foreign nationals.
Find My Lawyer in 60 SecondsnDSG (neues Datenschutzgesetz – New Data Protection Act), effective 1 September 2023, is Switzerland's equivalent to GDPR—but with KEY differences:
Case Study: Zurich FinTech startup experiences data breach: 50,000 customer records exposed (PII: names, email, hashed passwords). Notification obligations per nDSG art. 24: Notify EDÖB within "reasonable time" (typically 72 hours to 1 month); notify affected individuals if "likely significant damage" (subjective). Criminal investigation: EDÖB can prosecute violations under art. 84; common outcome: administrative fine (CHF 5,000-50,000 range) + order to remediate systems. GDPR equivalent: Same facts → GDPR breach notification 72 hrs, affected persons informed, EDPB/national DPA investigation, EU fine up to €20M. Swiss process: slower, lighter penalties, more industry self-regulation.
