As is known, on August 27th, 2021 the Federal Data Protection and Information Commissioner of Switzerland (FDPIC) has released provisions concerning the transfer of personal data to a country with an inadequate level of data protection, based on recognised standard contractual clauses (SCC) and model contracts.
The FDPIC (the Swiss Data Protection Authority) commented on the issue of non-EU transfers, focusing more specifically on the SCCs approved by the European Commission.
In fact, the FDPIC has officially recognised the standard contractual clauses as a legitimate condition for the transfer of personal data to those countries that do not have an adequate level of data protection, albeit with due care and modification.
More precisely, the FDPIC - in its ruling - distinguishes the hypothesis of the transfer to which only the Swiss law on data protection applies (and which, therefore, has no connection with the GDPR), from the hypothesis in which the GDPR applies to the processing pursuant to Article 3(2), but the exporter is a Data Controller or Manager located in Switzerland (and therefore subject to Swiss law).
In this case - according to the FDPIC - the parties may choose whether to draw up two separate agreements (one under GDPR and the other under Swiss data protection law) or to refer to a single regime, subjecting all transfers to GDPR standards, but providing for the appropriate adjustments.