Other information

Protection of natural persons with reference to personal data

During 2021, the activity of adapting, monitoring and implementing the company Privacy System was carried out for Iren S.p.A. and for the main Group companies, in application of the regulatory principles referred to in Regulation (EU) 679/16 (GDPR) and the national legislation in force (Legislative Decree no. 196/2003 and subsequent amendments, supplementary measures issued by the Privacy Guarantor, etc.).

The GDPR has substantially changed the concept of protection of personal data, with the aim of strengthening the rights that protect the personal sphere of individuals. Among other things, it introduced the concepts of privacy by design and by default and of accountability, thus obliging the Companies to evaluate and adopt best practices in order to minimise the processing of personal data.

The company Privacy System, subject to constant monitoring and improvement, led to the identification of the Data Protection Officer (DPO) of Iren S.p.A. in the person of the 231 System Compliance and Privacy Manager, who was subsequently designated by the Data Controller (CEO of Iren S.p.A.). The latter then instructed the Data Controllers of the subsidiaries, in the context of the management and coordination of those companies, to appoint as DPO the same person chosen for the Parent.

All the Data Controllers of the main Group Companies subsequently designated the Parent DPO as their DPO and made the relevant communication to the Supervisory Authority. During 2021, the activities of adaptation and monitoring of the company Privacy System led, among other things, to constant support for the business structures on all issues relating to the processing of personal data (including, for example, the introduction of the Green Pass in the private sector, etc.), as well as the revision of some of the procedures containing rules of conduct to be implemented by staff. The Processing Registers, provided for under art. 30 of the GDPR, are also constantly updated. These documents, revised annually, are provided for in the legislation for the purpose of giving full knowledge of the existing processing, identifying, among other things, a number of particularly significant elements such as data processed, retention times, risk levels, etc.

Control of companies abroad

It is noted that the Parent does not control companies established and regulated by the laws of non-EU countries. Furthermore, it is noted that Iren S.p.A. is not subject to management and coordination by another company.

Report on Corporate Governance and Ownership Structure and Report on the policy on the subject of remuneration and on fees paid

The Report on Corporate Governance and Ownership Structure and the Report on the policy on the subject of remuneration and on fees paid, approved by the Board of Directors and published within the legal deadline, include information not mentioned in the section below "Information on Corporate Governance", as envisaged in art. 123‐bis and art. 123‐ter of Legislative Decree no. 58 of 24 February 1998, and subsequent amendments and additions.