Italian Data Protection Authority Fines ITA Airways €190,000 for GDPR Violations in Executive Data Breach

The Italian Data Protection Authority (Garante Privacy) imposed a €190,000 fine on ITA Airways for unlawfully processing the personal data of its former Board of Directors President. The violations included unauthorized access to the executive's email and the acquisition of documents during a third-party digital forensics investigation. The case involved multiple breaches of GDPR regulations, specifically regarding the lawful handling of personal data. No specific dates or technical details of the forensic methods were disclosed. The sanction highlights persistent compliance gaps in GDPR implementation within the organization.