The new Swiss Data Protection Act (nDSG) has been in effect since September 2023. This has far-reaching consequences for IT companies that conduct marketing activities in Switzerland – from lead generation and email marketing to marketing automation. This article explains the most important requirements – and how nDSG compliance can become a factor that builds trust.
What the nDSG means for IT Marketing in Switzerland
The nDSG significantly strengthens the rights of data subjects and imposes stricter obligations on companies that process data. For IT marketing, the implications are concrete and immediate: Every interaction with potential customers – filling out forms, subscribing to newsletters, downloading white papers, visiting websites—is relevant under data protection law.
IT companies that have been operating in accordance with GDPR principles are well-positioned, but they must be familiar with the specific requirements of the nDSG. Those that have not yet systematically implemented either the GDPR or the nDSG face a clear need for action.
The most important nDSG requirements in IT Marketing
Duty to Provide Information and Transparency
When collecting personal data – whether through contact forms, lead magnets, newsletter sign-ups, or event registrations – it must be clearly communicated what data is being collected, for what purpose, and how long it will be stored. This information must be available at the time of collection, not only upon request.
Consent for the Use of Tracking Tools
Cookies and tracking scripts that go beyond what is technically necessary for the operation of the website – that is, analytics, marketing, and remarketing tools such as Google Analytics, LinkedIn Insight Tag, or HubSpot tracking – may only be set with active, informed consent. Cookie consent management that complies with data protection regulations is mandatory, not optional.
Email Marketing and Opt-In Requirements
Sending marketing emails requires explicit consent. Double opt-in processes are best practice and provide legally sound documentation of consent. Existing contact lists must be carefully reviewed: Contacts without documented consent may not be used for marketing emails.
Using Marketing Automation in Compliance with Data Protection Laws
Platforms such as HubSpot, Marketo, or Salesforce Marketing Cloud must be configured in compliance with data protection laws for use in the Swiss market. This applies to data hosting (ideally in Switzerland or the EU), the conclusion of data processing agreements (DPAs) with all service providers, and the configuration of tracking and profiling functions.
nDSG Compliance as a differentiator in IT Marketing
What many IT companies perceive as a bureaucratic burden is actually a strategic opportunity. Especially in the B2B IT sector, where decision-makers are particularly sensitive to data protection issues and IT service providers regularly conduct their own data protection audits of their suppliers, demonstrable nDSG compliance is a strong sign of trust.
IT companies that actively promote data protection-compliant communication, transparent opt-in processes, and clear privacy notices set themselves apart from competitors who neglect these issues. Compliance thus transforms from a cost factor into a competitive advantage.
Checklist: nDSG-Compliant IT Marketing Practices
- Update the privacy policy on the website and adapt it to the nDSG
- Implement a cookie consent management system (e.g., Borlabs Cookie, Cookiebot, Usercentrics)
- Clean up email marketing lists and switch opt-in processes to double opt-in
- Check marketing automation tools (HubSpot) for data protection compliance and configure them
- Enter into data processing agreements (DPAs) with all relevant marketing service providers
- Establish an internal process for requests for access and deletion
- Train marketing staff on nDSG requirements