The Garante's inspection plan for the first half of 2011 has been published, focussing on private investigators' activities, computer services (in particular "cloud computing"), banks and credit cards, marketing activities (including via SMS and e-mail) and welfare institutions.
The inspection plan foresees specific measures imposed on both the public and private sectors to deal with:
- the information notice to be given to the data subjects about the use of their personal data;
- adoption of security measures;
- data retention;
- the need for consent; and
- the notification obligation.
These inspection activities will be carried out in cooperation with the Special Privacy Unit of the Guardia di Finanza.
The Garante has also published a report about its inspection activities carried out in 2010.
During 2010, the Garante carried out 474 inspections and 424 disciplinary actions were taken, the majority of which were due to a failure by the data controller to provide an appropriate information notice, unlawful processing of personal data and a failure to adopt appropriate security measures. The 2010 inspections mainly focused on the health sector, hotel chains, e-learning and activation of multiple phone cards.
There were 55 reports to the courts for criminal offences, involving, inter alia, failure to implement security measures, making false declarations and notifications and failure to comply with advice issued by the Garante.
Revenues from the penalties imposed by the Garante were about €3,800,000. In particular, €2 million was collected for violations of the obligation to notify data subjects, €800,000 for the unlawful processing of personal data and €450,000 for failures by companies and public departments to adopt the required security measures.