Swiss Data Protection Act (revDSG): What Businesses Need to Know for Debt Recovery

Data Protection in Debt Recovery

Since the revised Swiss Data Protection Act (revDSG) came into effect on September 1, 2023, stricter requirements apply to the processing of personal data in Switzerland. For businesses that manage receivables or outsource collection, this creates concrete compliance obligations.

Key Changes

Duty to Inform (Art. 19 revDSG)

Data subjects — i.e., debtors — must be informed about data processing. This includes:

Identity of the controller (who processes the data?)
Processing purpose (debt collection, credit checks, etc.)
Categories of recipients (e.g., collection agencies, debt enforcement offices)
Rights of data subjects (access, rectification, erasure)

Proportionality (Art. 6 revDSG)

In the collections context, proportionality is particularly important. Only data that is necessary for the specific purpose may be processed. Excessive data collection — such as comprehensive profiling without concrete justification — is not permitted.

Data Security (Art. 8 revDSG)

Organizations must implement technical and organizational measures (TOMs) appropriate to the risk. In the context of receivables data, this means:

Encryption of personal data (at rest and in transit)
Access control based on the principle of least privilege
Logging of access and changes (audit trail)
Regular review of security measures

How NeuraPay Supports Compliance

NeuraPay® was built from the ground up with Privacy by Design:

Role-based access control — Each user only sees data relevant to their role
Full audit trail — Every action is logged and traceable
Automated data deletion — Configurable retention policies for closed cases
Swiss data residency — All data is stored exclusively in Azure Switzerland

Recommendations for Businesses

Review your information obligations — Ensure debtors are transparently informed about data processing
Document your processing activities — A current record of processing activities is mandatory
Evaluate your service providers — Check whether your collection partner meets revDSG requirements
Implement TOMs — Ensure appropriate technical and organizational measures are in place

Data protection is not an obstacle to effective receivables management — it is a prerequisite for sustainable, trustworthy business relationships.

For questions about compliance in debt recovery, our team is happy to help. Contact us.

Swiss Data Protection Act (revDSG): What Businesses Need to Know for Debt Recovery

Data Protection in Debt Recovery

Key Changes

Duty to Inform (Art. 19 revDSG)

Proportionality (Art. 6 revDSG)

Data Security (Art. 8 revDSG)

How NeuraPay Supports Compliance

Recommendations for Businesses

Ready to clear your balance sheet?

Welcome.

Swiss Data Protection Act (revDSG): What Businesses Need to Know for Debt Recovery

Data Protection in Debt Recovery

Key Changes

Duty to Inform (Art. 19 revDSG)

Proportionality (Art. 6 revDSG)

Data Security (Art. 8 revDSG)

How NeuraPay Supports Compliance

Recommendations for Businesses

Related articles

Blockchain-Verified Audit Trail: From 'Trust Us' to 'Verify It'

Responsible AI in Debt Recovery: Auditability, Fairness, and Governance

Compliance by Design: The Non-Negotiables of a Debt Recovery OS

Ready to clear your balance sheet?