Categories: Insights, Publications · News, Publications

Tag: GDPR


29 Oct 2024

Data Breach: Lessons for Companies from Recent Investigations (Il Sole 24 Ore Radiocor – Vittorio De Luca, Martina De Angeli)

The revelations from the investigation conducted by the Milan Prosecutor’s Office and the investigative unit of the Carabinieri of Varese—exposing unlawful activities involving the acquisition of confidential, sensitive, and personal information—have dominated Italy’s political and public debate in recent hours. These developments call for serious reflection.

The Italian Data Protection Authority (Garante per la protezione dei dati personali) has responded by establishing an interdepartmental task force to promptly identify appropriate actions and implement stronger protections for databases. This task force aims, among other objectives, to define adequate technical and organizational security measures for database access by authorized personnel, as well as for the operations performed by those responsible for their management and maintenance.

As we await further updates, here’s what companies need to know and do in similar situations:

  • Internal investigations, containment, and evaluation.
    Upon discovering a data breach, it is critical to identify the incident, evaluate its scope and impact on personal data, and determine its cause to address any vulnerabilities.
  • Notification obligations.
    • To the Data Protection Authority: Organizations must notify the breach to the Garante within 72 hours of becoming aware of it unless the breach is unlikely to pose a risk to the rights and freedoms of individuals.
    • To the affected individuals: If the breach creates a high risk for the people involved, they must be informed without undue delay.
  • Violation register.
    Maintain a record of the breach, including its nature, effects, and corrective measures taken. This is essential for compliance and subsequent audits.
  • Implement corrective measures.
    Take steps to enhance data security and prevent future breaches, such as revising security protocols and initiating employee training programs.
  • Review and update policies.
    After addressing the breach, it is essential to review and strengthen the company’s data protection policies and response plans.
  • Continuous monitoring.
    Activate systems to monitor data processes continuously to detect and respond to any future incidents promptly.
  • Training.
    Security measures must be supported by proper employee training to ensure effective implementation in daily operations.

It is essential to emphasize that, if a data breach has occurred, pre-existing measures were insufficient and must be reassessed and enhanced. This is a fundamental goal of the Data Breach procedure.

As highlighted earlier, recent developments should prompt reflection. Information and data are increasingly valuable assets, and ensuring their technical and organizational security is a critical priority for businesses. Companies must view investments in advanced, continually updated security measures as vital, not optional. These efforts ultimately benefit business performance and corporate reputation.

Press Review:

Subscribe to our newsletter

Contact

Need information? Write to us and our team of experts will respond as soon as possible.

Fill in the form

More news and insights

8 Jul 2026

Pay transparency: one month after its entry into force, two approaches are emerging in the market (The Platform, 8 July 2026 – Vittorio De Luca, Claudia Cerbone e Martina De Angeli)

Since 7 June, EU rules aimed at strengthening the principle of equal pay between men and women for the same work or for work of equal value have…

2 Jul 2026

Did you know…? As of 7 June 2026, Legislative Decree No. 96/2026 is fully in force

As of 7 June 2026, Legislative Decree No. 96/2026 is fully in force. It also introduces into the Italian legal system a structured framework on pay transparency, with…

2 Jul 2026

Failure to serve disciplinary charges does not render the dismissal null and void: italian supreme court confirms no reinstatement remedy for employers below the statutory workforce threshold

Principle of Law In its recent judgment No. 17283 of 1 June 2026, the Italian Supreme Court (Corte di Cassazione) examined the legal consequences arising from the employer's…

2 Jul 2026

AI and the employment relationship: initial guidance from the implementing decrees and data protection implications

Following the preliminary approval by the Council of Ministers, on 10 June 2026, of the first draft legislative decrees implementing the enabling law on artificial intelligence (Law No.…

1 Jul 2026

Sustainability, Responsibility, and the Future: A Commitment That Grows with Time

As we celebrate our 50th anniversary, we have chosen to look to the future with the same care and dedication with which we preserve our roots. Those roots…

25 Jun 2026

Pay Equity and Pay Transparency: What Will Change in Italy (People are People, 25 June 2026 – Claudia Cerbone e Martina De Angeli)

With Legislative Decree No. 96 of 7 May 2026, which entered into force on 7 June 2026, Italy transposed Directive (EU) 2023/970 on pay transparency, becoming one of…