The University of Milan manages daily thousands of pieces of personal data for students, professors and technical-administrative staff, as well as for all those who frequent our offices or browse the unimi.it portal.

To ensure maximum transparency regarding methods of personal data management, the University of Milan has dedicated this page to informing users about the internal regulations for implementing The General Data Protection Regulation (EU) 2016/679 (GDPR), also referred to as the Privacy Code, as well as the rights of the persons to whom the data refers.

• The European Regulation on the protection of personal data, approved on 27 April 2016 and published in the Official Journal of the EU on 4 May 2016, and became effective on 24 May of the same year. The regulation is directly applicable from 25 May 2018 in all member states.
• The Italian Legislative Decree 196/2003 – Italian Data Protection Code, amended by Legislative Decree 101/2018, “Provisions for the adaptation of the national legislation to the provisions of the regulation (EU) 2016/679”, is the main national reference point concerning privacy. The framework is completed with the provisions and decisions of the Italian Guarantor Authority for the protection of personal data.
• The University of Milano has activated the Code with regards to its responsibilities relating to institutional activities through the University Regulation on personal data protection, approved on December 2, 2004, and with the Sensitive Data Regulation, approved on March 28, 2006 and last amended by Rectoral Decree 288432 of 12/13/2013.
• Both university regulations are being updated in the light of EU Regulation 2016/679 and Legislative Decree 101/2018.

You can find the complete information to data subject here