Privacy is a priority for all of the Mondadori Group and is ensured through the adoption of specific procedures for the processing of personal data that comply with applicable laws and are constantly monitored and updated. Mondadori publishes, and constantly updates, its privacy, personal data processing, and cookies policies on all Group websites.
Privacy and personal data protection, a material topic for the Mondadori Group, are fundamental elements for the undertaking as a whole, in which each company is committed to ensuring that the collection and processing of personal data is performed in accordance with the principles and applicable laws.
In pursuing its business, therefore, since 2017 the Mondadori Group has implemented a process of adaptation, updating its internal tools and procedures to ensure full compliance with Regulation (EU) 2016/679 (“GDPR”), with Legislative Decree 196/03 (“Data Protection Code”) as subsequently amended by Legislative Decree 101/2018, and with the indications and provisions issued by the Data Protection Authority. Specifically, the Group has put in place new disclosures provided to interested parties and new contractual models; it has adopted a series of procedures updated to the new legislation – in the areas of data retention, privacy by design and by default, data protection impact assessment, data breach, feedback to interested parties and the appointment of data processors pursuant to and for the purposes of Article 28 of the GDPR; it has identified and appointed the Data Protection Officer for entire Mondadori Group as a whole, formalized on 14 March 2018 by the Board of Directors of the Parent Company and then endorsed by each subsidiary.
With regard to the protection of personal data, with a view to continuing and improving the process of compliance with the privacy legislation established by the GDPR and national legislation, in 2019 the Mondadori Group carried out a number of activities. These include:
- the adoption of a tool for the daily, constant computerized management by data controllers and the DPO unit of data processing registers;
- the updating of previous Data Protection Impact Assessments (DPIA) and the performance of specific DPIAs for new processing activities that may pose risks to the rights and freedoms of the individuals involved;
- the updating of existing security measures, and the adoption of new ones, aimed at preventing the loss of personal data and any data breaches and data incidents;
- the updating of the disclosure formats provided to interested parties in accordance with Articles 13 and 14 of the GDPR;
- the performance of a compliance audit – conducted externally – on the processing of personal data of customers and potential customers as part of the sales and marketing activities carried out and managed by Mondadori Retail S.p.A., aimed at assessing the degree of compliance of the company’s privacy management system with the GDPR, as well as with internal company procedures;
- the organization of preliminary/ancillary activities for the training on privacy issues of Mondadori Group employees, aimed at raising awareness of the correct daily management of personal data in the workplace;
- the preparation of an annual report by the Data Protection Officer, submitted to the Board of Directors of the Parent Company on 30 July 2019 and distributed to all delegated controllers and members of the boards of statutory auditors of the subsidiaries.