Compliance Privacy

Considering the regulatory trend with regard to personal data processing, the Acea Group has undertaken to develop and implement effective policies to protect the personal data of employees, customers, suppliers, shareholders, stakeholders, partners, as well as any persons whose personal data, for whatsoever reason, are processed by the Company, adopting a Privacy Governance Model, in accordance with Regulation (EU) 2016/679 on data protection (GDPR).

The indications issued by the Italian Data Protection Authority are always enforced, wherever applicable, and privacy-related training sessions are periodically carried out, as well as supplier checks, with the aim of not only fulfilling the direction and control obligations as regards personal data processing performed by third parties on behalf of the Acea Group, but also having a constant view of the entire reference scenario. Moreover, a second-level governance and monitoring system has been developed, comprising a series of controls consistent with privacy and data protection risks.

Privacy Governance Model

On 14 March 2022 Acea SpA’s Board of Directors adopted the Privacy Governance Guideline, setting out the essential elements of the Acea Privacy Governance Model, together with the related interpretation, within the Group, of the compliance framework.

The Guideline forms part of the integrated framework adopted by the Acea Group for the application of Regulation (EU) 2016/679 (“General Data Protection Regulation”, hereinafter “GDPR”) regarding the protection of natural persons and the processing of personal data.

The objectives of the Guideline are as follows:

  • to regulate Acea SpA’s direction and control initiatives and explain objectives, principles and activities pertaining to Privacy issues;
  • to define the general rules for transverse actions involving the Privacy Governance Model.

More specifically, the Group’s Privacy Governance framework pursues the following purposes:

  • to ensure observance of current legislation with regard to data processing;
  • to define roles and responsibilities of the persons involved in the application of Acea’s “Privacy Organisational Model” as shown below, and to explain the latter’s role of direction and control within the Group;
  • to define the data protection principles that must be implemented and effectively enforced;
  • to define the framework of security controls that must be analysed and explained in the dealings with parties (legal entities or natural persons) who process data on behalf of Acea;
  • to define the activities to be carried out in order to analyse areas that may potentially impact data protection;
  • to assess the risk and impact on the rights and freedoms of natural persons in connection with the processing of personal data;
  • to explain disclosure requirements;
  • to implement the actions necessary for protecting the rights of the parties concerned, ensuring the correctness of the handling process and response to their requests;
  • to define the requirements of privacy reports and personal data processing registers;
  • to describe the functional architecture of the automatic privacy system management tools in the companies.
Acea Privacy Governance Model

Acea therefore presides over all the key areas envisaged by the GDPR, such as:

  • Roles and responsibilities
  • Training
  • Third party management
  • Privacy by design and by default
  • Register of processing operations
  • Risk analysis
  • Data Breach Management
  • Cross-border transfer of data
  • Data retention

Furthermore, Acea always pays attention to the various areas emerging that have an impact on privacy, such as the safe handling of data with respect to the new technologies and the new work tools.

The Data Protection Officer (DPO) of Acea SpA and other companies can be contacted at the following address

Related content


Management systems

In order to ensure the proper running of the Group’s activities, Acea has activated a complex system of internal rules, procedures and processes.


Anti-corruption Compliance

The Acea Group has set up a structured system of rules, controls and organisational monitoring designed to prevent corruption risks.

our commitment

The dialogue with our Stakeholders

Engaging, listening and communicating with stakeholders are core elements for the Acea Group.


Discover the latest news and initiatives of the Acea Group