compliance with quality standards
set by the Authority for four services
minutes average waiting time
at help desks and chance to book
an appointment with an operator
thousand analyses
carried out on Group drinking water,
1,100 per day, of which 63% on the
distribution network

The security of information and the protection of personal data

The synergy in managing Personal Data and Logical Security was strengthened, with a view to sharing analyses on information security and personal data protection, conducted with a unified methodological approach within the Group.

Requests for consultancy and specific legal support were managed by processing specific in-depth analyses of regulations and of the documentation required to ensure the regulatory compliance of Group processes in terms of privacy, also for service contracts.

The Group’s compliance with GDPR 679/2016 was addressed through an interdisciplinary project that involved the structure and a timely review of the Group’s entire documentation system, in order to document compliance with the requirements of the law in protecting personal data, from the conception and design phase of the processing, deciding the methods, safeguards and limits.

The standardization within the Group consisted in particular in monitoring and making known the development of data privacy regulations, designing and implementing a Common Privacy Management System for the Group, defining Group’s criteria to appoint data processors, preparing Document Templates for the Group’s main formal fulfilments.

Specific training was designed and implemented to update on the main new regulations, and to focus on the role of the Heads of the organizational units, responsible for processing, which involved the entire Group.

A single Data Protection Officer (DPO) was appointed for the Hera Group, in accordance with legal requirements.