GDPR-NLPD Trainings

GDPR and nFADP: a now unavoidable framework in Switzerland

Personal data protection has become, in 2026, an unavoidable discipline for any Swiss organisation. The new Federal Act on Data Protection (nFADP), entered into force on 1 September 2023, has reinforced the obligations of Swiss companies regarding consent, rights of data subjects, processing security and breach notification. The European GDPR Regulation continues moreover to apply to Swiss organisations processing data of European residents. In Geneva, Lausanne and across French-speaking Switzerland, private banks, insurance companies, international organisations, hospitals, public services and industrial companies now structure a data compliance function driven by a DPO or a compliance officer.

Following a recognised GDPR or nFADP training opens access to valued roles: DPO (Data Protection Officer), compliance officer, data protection lawyer, CISO, compliance project manager. The GDPR Foundation and DPO certifications are internationally recognised and widely expected in job descriptions. Investing in a data protection certification enhances your profile in a segment where demand regularly exceeds supply, particularly in private banking, finance and international organisations.

ITTA offers a catalogue dedicated to data protection: GDPR Foundation, DPO and the new Swiss Data Protection Act nFADP. Each session is built around practical cases inspired by the daily work of Swiss organisations, with limited group sizes to enable personalised support.

Whether you are an in-post DPO, lawyer, compliance officer, CISO, project manager or executive wishing to understand obligations, our training in Geneva and Lausanne provides the methods and common vocabulary to pass your target certification and structure your compliance approach.

Skills covered by our GDPR and nFADP catalogue

GDPR Foundation (GDPRF)

The GDPR Foundation training lays the common foundation for profiles joining a data compliance approach. The programme covers GDPR principles (lawfulness, purpose, minimisation, accuracy, retention, security), legal bases of processing, data subject rights, roles (controller, processor, DPO), breach notification, and the articulation between GDPR and nFADP. This training suits profiles discovering data protection. It prepares for the internationally recognised GDPR Foundation certification.

GDPR Certified Data Protection Officer (DPO)

The GDPR DPO Certified Data Protection Officer training targets profiles taking the official Data Protection Officer role in an organisation. The programme deepens processing mapping, activities register, impact assessments (PIA, DPIA), consent management, internal audit conduct, dialogue with supervisory authorities (FDPIC in Switzerland, CNIL in France) and internal communication around compliance. This certification is highly valued and corresponds to the official profile expected by organisations designating a DPO.

New Swiss Data Protection Act (nFADP)

The nFADP training specifically covers the Swiss Federal Act on Data Protection entered into force on 1 September 2023. The programme addresses reinforced obligations (activities register, data protection adviser, DPIA, breach notification to the FDPIC), data subject rights, articulation with GDPR for companies active in Europe, and provided sanctions. This training is particularly useful to Swiss organisations adapting their compliance approach to the Swiss framework.

Build your data protection path

A newcomer to data compliance starts with GDPR Foundation to acquire vocabulary and basic principles, then chains with the nFADP training for the specific Swiss context. A profile taking the DPO role follows the GDPR DPO Certified Data Protection Officer training after GDPR Foundation. A confirmed lawyer, CISO or compliance officer combines GDPR Foundation, DPO and nFADP to cover the three reference frameworks. An executive or project manager wishing to understand obligations benefits from GDPR Foundation and nFADP without necessarily targeting the official DPO role. Our pedagogical team guides you towards the sequence suited to your role and context.

Featured courses in this catalogue

Here is a selection of reference training courses in this catalogue, accessible directly:

• New Swiss Data Protection Act (nLPD)
• GDPR – Certified Data Protection Officer (DPO)
• GDPR Foundation (GDPRF)

Data protection and related skills

Data protection fits into a broader compliance, security and IT ecosystem. Audit and cybersecurity training covers CompTIA Security+, ISO 27001 and CISSP, technical dimensions complementary to compliance. The IT service management sub-domain brings ITIL 4, complementary for processing organisation. Cloud computing training brings Azure and AWS where data localisation and compliance controls now apply. On the method side, change management training brings APMG certifications, complementary to drive the deployment of a compliance approach in an organisation. The data analysis and databases domain reinforces the technical dimension of the activities register and database security controls.

GDPR and nFADP trends in 2026

Several evolutions are shaping data compliance in 2026. The nFADP continues to mature in Swiss organisations, with particular attention on the activities register and impact assessments. The European Data Act and Data Governance Act broaden the regulatory framework beyond pure GDPR. AI agents and foundation models raise new questions on the use of personal data in training and inference, framed by the European AI Act. Technical data protection controls (encryption at rest, masking, auditing, classifications, Microsoft Purview) are generalising in Microsoft 365 and Azure tools. Our pedagogical content regularly integrates these evolutions to remain aligned with current company practices.

GDPR and nFADP training in Geneva, Lausanne and online

All our data protection training courses are available on-site in our Geneva (Route des Jeunes 35) and Lausanne (Avenue de Mon-Repos 24) centres, as well as in interactive virtual classroom with a live trainer. Our sessions are organised in 5-week cycles, which makes registration fast and planning smooth for working lawyers and compliance officers. Each session includes practical cases inspired by Swiss organisations. Customised corporate training is also possible at your premises, in Geneva, Lausanne, Vaud and across French-speaking Switzerland, with a programme adapted to your industry and compliance maturity. Several professional funding paths can be considered depending on your profile and employer.

Why choose ITTA for your GDPR or DPO certification

ITTA is a certified training centre based in French-speaking Switzerland, official partner of PeopleCert. Our GDPR and nFADP trainers are lawyers and DPOs active in Swiss and international companies, allowing them to share current concrete cases and processing registers actually used. The catalogue regroups our training courses covering GDPR Foundation, DPO and nFADP. Our pedagogical team supports you in choosing the right path, preparing the exams and identifying the funding solutions that fit your professional situation.

FAQ

Is legal experience required before GDPR Foundation?

No. The GDPR Foundation training is accessible to non-lawyer profiles (CISO, project manager, compliance officer, executive) wishing to understand GDPR and nFADP principles. Good ease with general IS concepts and analytical logic facilitate learning.

Does nFADP replace GDPR for a Swiss company?

No. The nFADP is the Swiss federal law, applicable to Swiss organisations for processing data of Swiss residents. The GDPR remains applicable to Swiss organisations processing data of European residents (clients, partners, employees). Both frameworks coexist and present globally convergent principles with some specificities. Our nFADP training precisely covers this articulation.

Is a certified DPO required in a Swiss SME?

The designation of a DPO or data protection adviser depends on the nature and volume of processing. The nFADP requires an adviser in certain situations (high-risk processing, public authority). Organisations processing data of European residents may also be subject to the GDPR obligation to designate a DPO. Our pedagogical team guides you on the relevance of targeting a DPO certification according to your context.

Are your GDPR courses available for companies?

Yes, the entire catalogue is available in-house, in Geneva, Lausanne and in virtual classroom, with a programme adapted to your industry (banking, healthcare, insurance, public) and compliance maturity. Our team builds the specifications with you and organises sessions according to your calendar.