You are here

Data protection

  • GRI

The protection and processing of personal data represents a major challenge in the era of digitalization and globalization of markets in terms of responsibility in managing the data as well as an opportunity to improve the service that Group companies provide.

In order to respond to this challenge and in line with the new General Data Protection Regulation (GDPR) EU 2016/679, the Enel Group adopted a structure in 2017 to guarantee that the privacy of all the natural persons with whom it interacts is fully respected by appointing Data Protection Officers (“DPOs”). The DPO structure is integrated into the Group’s legal area and reflects the matrix-based model of Enel’s organization.

Among other things, the DPOs support the business areas in adopting a “privacy by design” approach, thanks to which the protection of personal data is a building block in the design of any business initiative or business process. The DPOs provide advice to Enel’s Data Controllers and Data Supervisors through risk assessment methodologies such as the privacy impact assessment, a tool required by EU Regulation that allows the riskiest processing operations to be evaluated and the appropriate security measures.

Enel’s priority is to go beyond regulatory compliance. Data subjects’ rights are better protected if the quality, quantity, speed and accuracy of the data, fundamental features of Enel’s information assets, are guaranteed. Data quality is a prerequisite for technological innovation and sustainability. The use of highly sophisticated technologies, such as cloud computing, Big Data, AI, Data Analytics and the Internet of Things, allows us to offer more and more customer-tailored products and services, while at the same time requiring great responsibility in terms of privacy protection.

European Group Companies managed about 14,000 communications related to personal data protection and cooper- ated with national authorities receiving 77 requests of clarifications.

In 2018 no “data breaches” have been recorded. In Italy Enel Energia and Servizio Elettrico Nazionale managed two incidents related to personal data, promptly notified to the Data Protection Authority. In Romania one incident was recorded which involved the companies Enel Energie Muntenia and Enel Energie SA.