The House of Data Imperiali bulletins are extracts from the articles of the Legal Information Service (SIG) edited by Mr. Rosario Imperiali d’Afflitto.

The SIG is available by subscription only.

For further information, please email:

Whistleblowing: the Italian National Anti-corruption Authority’s Guidelines and GDPR Setting -2

Italian Legislative Decree No. 24/2023 – implementing Directive (EU) 2019/1937 – on whistleblowing and the resulting Anti-Corruption Authority’s guidelines (ANAC) for procedures for the submission and management of external reports, first and foremost, regulate the phenomenon of reports of potential wrongdoing that workers and collaborators become aware in the work environment. They also consider the implications and impacts that this activity determines on the regulations protecting personal data.

In the bulletin of September 7, 2023, we focused on the type of data processing and the legal bases that underlie its lawfulness as well as the different subjective roles that are normally involved in this context.

On this occasion, we will look at other privacy profiles that come to the fore in the handling of whistleblowing.

Whistleblowing channels

Decree No. 24/2023 provides different reporting channels.

Subjects in the public sector have the option of reporting any type of violation through all channels that can be activated.

Private subjects, on the other hand, have more limited options depending on the topic of reporting and the channel profile, as summarized in the diagram below.

Source: ANAC’S Guidelines

Failure to establish reporting channels is sanctioned by the Italian National Anti-Corruption Authority with a fine of 10,000 to 50,000 euros.