Switzerland: Federal Data Protection and Information Commissioner's concluded preliminary investigation into Concevis SA over alleged data protection violations

On 20 December 2024, the Swiss Federal Data Protection and Information Commissioner (FDPIC) concluded its informal preliminary investigation on data protection violations into Concevis SA, initiated due to a ransomware attack in November 2023. The FDPIC determined that a formal investigation was not necessary as no serious breaches were found. However, the FDPIC highlighted the need for clearer data processing agreements, emphasising that contracts between federal offices and service providers must precisely define the life cycle of the data from collection to destruction.