Italian Data Protection Authority Fines ITA and Alitalia for GDPR Violations

The Italian Data Protection Authority (Garante Privacy) imposed fines of 1 million euros on ITA and 250,000 euros on Alitalia for violating GDPR regulations in their handling of employees' personal data. The sanctions stem from inadequate responses to a worker’s request for access to their personal data during corporate restructuring. The violations specifically involved non-compliant data processing practices under Article 15 of the GDPR, which guarantees individuals the right to access their personal information. No specific dates or technical details regarding the data mishandling were disclosed in the notice. The case highlights regulatory scrutiny over employee data management during organizational transitions.