top of page
What privacy is
The authority
Who carry out authority regulations
The sanctions
Why to manage the privacy

The Italian Authority for personal data protection is a collegial body, made up of four members elected by the Italian Parliament, who remain in office for a non-renewable seven-year term. The current College was elected by Parliament (pursuant to Article 153, paragraph 2 of the Code) on July 14, 2020 and took office on July 29, 2020.


The college is made up of the following members:

- Pasquale Stanzone (president);

- Ginevra Cerrina Feroni (vice-president);

- Agostino Ghiglia (member);

- Guido Scorza (member).



The tasks of Authority are defined by Regulation (EU) 2016/679 GDPR and by the Code regarding the protection of personal data.


Briefly and purely for dissemination purposes, which in no way has the claim to completeness of the matter, the tasks of the college can be indicated:


  1. check that the processing of personal data complies with the Regulations as well as with national laws and regulations and prescribe, where necessary, the data controllers or processors the measures to be taken to carry out the processing correctly in compliance with the fundamental rights and freedoms of individuals;

  2. collaborate with other supervisory authorities and provide mutual assistance in order to ensure the consistent application and implementation of the Regulation;

  3. examine complaints;

  4. issue warnings to the data controller or the data processor and order them to comply with the provisions of the Regulations (in the case of treatments that violate the provisions of the Regulations);

  5. impose a temporary or definitive limitation of processing, including a prohibition on processing; order the rectification, deletion of personal data or the limitation of processing;

  6. adopt the measures provided for by the legislation on the protection of personal data;

  7. report, also on its own initiative, to Parliament and other bodies and institutions the need to adopt regulatory and administrative acts relating to issues concerning the protection of personal data;

  8. formulate opinions on proposals for regulatory and administrative acts; participate in the discussion on regulatory initiatives with hearings in Parliament;

  9. prepare an annual report on the activity carried out and on the state of implementation of the privacy legislation to be transmitted to Parliament and the Government;

  10. participate in the European Union and international activities in the sector, also with a view to monitoring and assisting the Europol, Schengen, VIS and other information systems;

  11. take care of information and develop the public's and data controllers' awareness regarding the protection of personal data, with particular attention to the protection of minors;

  12. keep internal records of the most significant violations and impose financial penalties where provided for by the Regulations and national legislation;

  13. involve, where envisaged, citizens and all interested parties with public consultations, the results of which are taken into account for the preparation of general measures.

What a data is
Normal and particular data
Digital data and paper data
The agreement
Privacy information
The profiling
Privacy and video monitoring
Children data management
When agreement is not required
Diseases and minorities
Disagreement registry log
Manage and protect a data
Preservation time
Privacy management plan
Report a privacy violation
bottom of page