'Principe Umberto di Savoia' State Scientific and Linguistic High School – €1,000 Fine (Italy, 2025)

€1,000Garante per la protezione dei dati personali4 December 2025Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

'Principe Umberto di Savoia' State Scientific and Linguistic High School was fined EUR 1,000 for mishandling employee personal data. They did not take proper steps to protect sensitive information, like medical data, which led to unauthorized access. This case serves as a reminder for educational institutions to prioritize data security.

What happened

The school processed employee personal data, including sensitive medical information, without adequate security measures.

Who was affected

Employees whose personal data, including medical records, was accessed without authorization.

What the authority found

The Italian DPA ruled that the school failed to implement sufficient technical and organizational measures to protect personal data, violating GDPR requirements.

Why this matters

This case highlights the responsibility of schools to safeguard personal information. Institutions must ensure they have proper data protection protocols in place to protect their staff's privacy.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 13(GDPR)
Art. 29(GDPR)
Art. 5(1)(a) GDPR
Art. 9(2)(b) GDPR
View original scraped data
Art. 5(1) a) GDPR
Art. 6(GDPR)
Art. 9(2) b) GDPR
g) GDPR
Art. 13(GDPR)
Art. 29(GDPR)

Original data from scraper before AI verification against source document.

Source verified 16 March 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll 'Principe Umberto di Savoia' State Scientific and Linguistic High School actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 1,000 on 'Principe Umberto di Savoia' State Scientific and Linguistic High School. The controller processed the personal data of employees in relation to their employment, including medical data such as sick leave due to serious illness. The controller failed to introduce sufficient technical and organisational measures, resulting in employees gaining unauthorised access to personal data. The processor also failed to adequately inform data subjects regarding the processing.

Related Enforcement Actions (0)

No other enforcement actions found for 'Principe Umberto di Savoia' State Scientific and Linguistic High School in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

4 December 2025

Authority

Garante per la protezione dei dati personali

Fine Amount

€1,000

Enforcement Tracker ID

ETid-3021

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. 'Principe Umberto di Savoia' State Scientific and Linguistic High School - Italy (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: