The University of Milan manages daily thousands of pieces of personal data for students, professors and technical-administrative staff, as well as for all those who frequent our offices or browse the portal.

To ensure maximum transparency regarding methods of personal data management, the University of Milan has dedicated this page to informing users about the internal regulations for implementing The General Data Protection Regulation (EU) 2016/679 (GDPR), also referred to as the Privacy Code, as well as the rights of the persons to whom the data refers.

  • The European Regulation on the protection of personal data, approved on 27 April 2016 and published in the Official Journal of the EU on 4 May 2016, and became effective on 24 May of the same year. The regulation is directly applicable from 25 May 2018 in all member states.
  • The Italian Legislative Decree 196/2003 – Italian Data Protection Code, amended by Legislative Decree 101/2018, "Provisions for the adaptation of the national legislation to the provisions of the regulation (EU) 2016/679", is the main national reference point concerning privacy. The framework is completed with the provisions and decisions of the Italian Guarantor Authority for the protection of personal data.
  • With the entry into force of EU Regulation 2016/679 and following the amendments made to Legislative Decree 196/2003 by Legislative Decree 101/2018, the University revised its internal policies on personal data processing to reflect the new provisions, and adopted the new Regulations on the protection of personal data of the University of Milan, in force from 30 March 2021. As of the same date, the 2004 University Regulations on the protection of personal data and the Sensitive Data Regulations are no longer in force.

Responsabile della Protezione Dati

Ai sensi degli artt. 37 e ss. del Regolamento UE 2016/679, l’Ateneo ha nominato il Responsabile per la Protezione dei Dati (RPD):

Dott. Pierluigi Perri
Via Festa del Perdono 7, 20122 Milano

Riferimenti del Garante per la protezione dei dati personali:

The controller of personal data processing, in line with the regulations currently in force, is the current chancellor (Data Controller).

In order to manage personal data more effectively and within the context of reference, the Data Controller appoints Managers, who in turn choose the Processors, that is, those who actually process the data.

Data Controller
The current chancellor

• Department directors
• Research centre directors
• Directors of Postgraduate Schools
• Division Heads
• Directors of Functional Centres and Service Centres
• Library directors
• Heads of offices and staff services
• Secretary of the Chancellor and of the Director-General

Appointed by the managers

The management of privacy policies at a central level is entrusted to the Legal Department and Central Purchasing Office, Legal Sector, which is the legal point of reference for Managers and Processors in the daily processing of personal data.

The rights of the persons to whom the personal data refer are governed by Articles 15-22 of EU Regulation 2016/679.

The rights of those concerned:

  • Access
  • Rectification
  • Integration
  • Cancellation
  • Treatment limitation
  • Data portability
  • Opposition to processing
  • Selection to not be the recipient of decisions based on exclusively automated processing
  • Claim to the supervisory authority

Exercise of rights

Contact the Data Protection Manager:

  • by e-mail at:
  • by registered mail, with a period for reply from 1 to 3 months


The exercise of rights is free of cost.