Privacy is a priority for all of the Mondadori Group and is ensured through the adoption of specific procedures for the processing of personal data that comply with applicable laws and are constantly monitored and updated. Mondadori publishes, and constantly updates, its privacy, personal data processing, and cookies policies on all Group websites.
The protection of privacy and personal data is a material topic for the Group and a matter of constant focus in company processes and in updating internal policies. In pursuing its business, the Mondadori Group as a whole has adopted a series of tools and internal procedures to ensure full compliance with Regulation (EU) 2016/679 (“GDPR”), with Legislative Decree 196/03 (“Data Protection Code”) as recently amended by Legislative Decree 101/2018, as well as with the indications and provisions issued by the Data Protection Authority.
Following the important process of alignment with the GDPR launched in 2017, the Group has developed a series of procedures to govern the management and processing of personal data, covering in particular data retention, privacy by design or by default, data protection impact assessment, data breach, feedback to data subjects and the appointment of external data processors. These procedures were developed in parallel with a complete overhaul of the information provided to data subjects and of the contract templates, which now indicate the new specific regulations and give details of the new corporate figure of Data Protection Officer, as identified and formalized on 14 March 2018 by the Board of Directors of the Parent.
Noteworthy points in the process of aligning with the GDPR also included:
- the formalization of two important co-ownership agreements, the first involving all Group companies in the management of HR, CRM, marketing and profiling activities; the second involving Mondadori Education and Rizzoli Education in the joint management of certain business activities and web platforms;
- the adoption of a computerized data processing register for each company, to enable data controllers and the DPO unit to constantly watch over all processing activities carried out by the Group;
- the performance of accurate DPIAs (personal data impact assessments) on specific processing activities where risks may arise;
- the adoption of new security measures aimed at preventing the loss of personal data and any data breaches and data incidents.