ITGarante per la protezione dei dati personali03 June 2025GDPR data retention violation

Regione Lombardia

Regione Lombardia fined EUR 50,000 by Garante for data retention breaches.

EUR€50,000

Country: IT
Authority: Garante per la protezione dei dati personali
Type: GDPR data retention violation
Imposed: 03 June 2025
Added to register: 09 June 2026

Summary

The Italian Data Protection Authority, Garante per la protezione dei dati personali, imposed a EUR 50,000 fine on Regione Lombardia. The case concerned unlawful retention of employees' email metadata, excessive retention of web browsing logs, and prolonged storage of helpdesk ticket data.

Grounds for the decision

Unlawful retention of employees' email metadata and excessive retention of browsing logs and helpdesk data.