Italy: Announced GPDP investigation into InfoCert over alleged data breach

On 3 January 2025, the Italian Data Protection Authority (GPDP) announced an investigation into InfoCert following a data breach notification made by the company in December 2024. GPDP highlighted that the breach, affecting an external supplier’s information technology systems, may have compromised the confidentiality of a large amount of personal data. InfoCert has been given 10 days to submit documents detailing its relationship with the external supplier and to provide information on the processing of personal data involved in the breach.