All posts
nDSG

Swiss nDSG and Campsites: What the New Data-Protection Law Means in Practice

The new Swiss Federal Act on Data Protection (nDSG) has been in force since September 2023. What campsite operators actually need to implement — and what happens if they do not.

Felix Du 2 min read

Who it applies to

The new Swiss Federal Act on Data Protection (nDSG) came into force on 1 September 2023. It applies to every Swiss business that processes personal data — and that includes every campsite that stores guest details, contact information, or payment data.
nDSG is largely aligned with the EU GDPR, with some Swiss specifics. Operators already GDPR-compliant have done most of the work. Operators who have not taken data protection seriously need to catch up now.

The five central obligations

1. Information duty. You must actively inform guests what data you collect and for what purpose. In practice: a privacy notice on your website and a short statement in the booking form.
2. Record of processing activities. You must document which data categories you process, for what purpose, how long you retain them, and who has access. The record is internal — only shown on request by the regulator.
3. Right of access. Guests can demand to know what data you store about them. Response within 30 days, free of charge, in comprehensible form.
4. Right to correction and deletion. Guests can demand correction or deletion. Deletion has limits — statutory retention (accounting, HESTA) overrides. But anything beyond those periods must be deleted.
5. Breach notification. A data breach posing high risk must be reported to the Federal Data Protection Commissioner "as quickly as possible" — in practice, within days.

Penalties

nDSG fines reach CHF 250,000 — and, unlike GDPR, they are imposed on individuals (typically management), not the company. That significantly raises the personal pressure.
Six-figure fines are rare. Warnings and mandatory remediation are more common. But reputational damage from a public breach is usually worse than the fine.

Where campsites typically have gaps

Five recurring weaknesses we see:
  • Plaintext email. Booking confirmations with payment and guest details sent unencrypted. Better: a guest portal with secure access.
  • Shared Excel files. A "customers.xlsx" with names, addresses, birth dates sitting unprotected on a shared drive. Every employee can open it.
  • Eternal retention. Data from guests last seen in 2014 still sitting in the database. No defined deletion periods.
  • No role separation. Seasonal helpers have the same access as management.
  • Outdated privacy notice. Website privacy statement five years old and no longer accurate.

How CampOne addresses these structurally

  • Audit trail on every data-sensitive action — who accessed what, when
  • Role-based access — seasonal reception staff see bookings only; management sees more; cleaners see occupancy only
  • Automatic deletion after statutory retention expires
  • One-click guest-data export for right-of-access requests
  • Swiss hosting — all data in Swiss data centres

Takeaway

nDSG is no longer theoretical. Regulators are checking, fines can bite, and the reputational hit from a publicised breach is often the real cost. Close the five common gaps systematically. Modern campsite software covers most of them out of the box.
Try CampOne free for 30 days →
nDSG Data Protection Compliance Switzerland

More posts

View all →
C1
camping

Why Shoulder Season Is the Best Time to Camp in Switzerland

15 Apr 2026
An empty alpine campground in early morning light with mist rising from a nearby lake
camping

Why Shoulder Season Is the Best Time to Camp in Switzerland

15 Apr 2026
Test 2
HEtsA

Test 2

15 Apr 2026
Test

Test

15 Apr 2026
C1
Website

Why Your Campsite Needs Its Own Website — and What It Should Cost

1 Mar 2026
C1
Booking System

Online Booking Systems for Campsites: Seven Features Your System Must Have

15 Feb 2026
C1
HESTA

HESTA Guest Registration for Campsites: What Operators Need to Know

15 Jan 2026