The University
Teaching
Research
InternationalOn 25 May 2018, Regulation 2016/679, known to most as the GDPR (General Data Protection Regulation), "on the protection of natural persons with regard to the processing of personal data and rules on the free movement of such data" became fully and directly applicable in all EU member states.
The regulation is highly articulated. It consists of 99 articles within 11 chapters that are preceded by 173 Recitals.
The General Data Protection Regulation repeals the "parent directive" on data processing (Directive 95/46/EC) and is intended to ensure regulatory uniformity and homogeneity of application within the Union, thereby facilitating the movement of data and - as the seventh Recital states - "creating the trust that will allow the digital economy to develop across the internal market."
By common consent, the cornerstone on which the EU framework rests is the accountability principle ("accountability" and/or "reporting"), and it is incumbent on the data controller to implement "appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation" (article 24, paragraph 1).
The European legislation continues to be accompanied by national legislation and, in particular, the "Personal Data Code" or "Privacy Code" (Legislative Decree 196/2003), as amended by Legislative Decree 101/2018 containing provisions adapting Italian regulations to the provisions of the GDPR.
To ensure compliance ("conformity") with the European Regulation and the Privacy Code, the University of Siena has undertaken an ongoing compliance process.
The data controller is the University of Siena with registered office in Banchi di Sotto no. 55, 53100 Siena, represented by the Rector, Prof. Roberto Di Pietra.
The controller's contact details are:
- e-mail: [email protected]
- PEC: [email protected]
The data controller is the natural or legal person who "determines the purposes and means of the processing of personal data" (article 4, no. 7 of the Regulation).
The Siena University Data Protection Officer (DPO) is dott. Chiara Silvia Armida Angiolini.
The data protection officer is entrusted with the tasks set forth in Article 39. Most importantly, he/she must "advise the controller [...] and the employees who carry out processing", "monitor compliance with this Regulation", "cooperate with the supervisory authority" and "act as the contact point for the supervisory authority".
The data subjects, i.e., natural persons to whom the data relate, "may contact the data protection officer with regard to all issues related to processing of their personal data and to the exercise of their rights under this Regulation" (article 38, paragraph 4).
In the present case, individuals (e.g. students, faculty or technical-administrative staff) interested in processing activities performed by the University of Siena can contact the University DPO at the following addresses:
- e-mail: [email protected]
- PEC: [email protected]
A "personal data breach" is defined as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed" (art. 4, no. 12).
You can learn more about data breaches by accessing the following page on the Data Protection Authority's institutional website: https://www.garanteprivacy.it/regolamentoue/databreach.
To report any violations in the processing of personal data, anyone can contact Siena University's data breach service, which can be reached at:
The Siena University data controller and data protection officer are supported by two interdisciplinary working groups in which IT, legal and administrative professionals converge.
These two working groups are available for clarification or information regarding the application of the regulation within Siena University and can be contacted at the following e-mail address:
Composition of the working groups
The European regulation requires that the "data controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 [...] in a concise, transparent, intelligible and easily accessible form, using clear and plain language..."
In fulfilment of this requirement, Siena University has so far published the privacy notices on the page: https://www.unisi.it/ateneo/adempimenti/privacy (section at the bottom of the page)