The protection and processing of personal data is a major challenge in the age of digitalization and market globalisation in terms of responsibility when managing data, but it is also an opportunity to improve the service that Group companies provide.
To rise to this challenge and in line with the new General Data Protection Regulation EU 2016/679 (GDPR), the Enel Group adopted a structure in 2017 to ensure that the privacy of all natural persons with whom it interacts is fully respected. Speciﬁcally, the Legal Function contains a Data Protection Ofﬁce, which has assigned “Data Protection Ofﬁcers” (or DPOs). DPOs are appointed based on their professional skills, knowledge and their ability to perform tasks in accordance with the principle of independence. The Data Protection Ofﬁce is structured as follows:
- Governance Data Protection: This monitors changes to legislation on data protection and determines the Group’s compliance;
- Global Service Functions and Holding Functions Data Protection: This promotes privacy from the outset of planning processes at global level and ensures consistent development at national level;
- Global Business Lines Data Protection: This supports Global Business Lines in accordance with data protection, and monitors changes to data protection certiﬁcation mechanisms for products and services;
- Country units for the protection of national data (Italy, Portugal, Romania, Spain): These monitor changes to data protection legislation at country level.