{"id":30260,"date":"2025-12-12T16:36:43","date_gmt":"2025-12-12T15:36:43","guid":{"rendered":"https:\/\/dev.andersen.dotandmedia.com\/?p=30260"},"modified":"2025-12-12T16:50:21","modified_gmt":"2025-12-12T15:50:21","slug":"compliance-risk-management-compliance-risks-for-employees","status":"publish","type":"post","link":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/","title":{"rendered":"Compliance & Risk Management – Compliance risks for employees"},"content":{"rendered":"

In this fourth edition of the Compliance & Risk Management<\/strong> Newsletter, professionals of Andersen’s 231\/Privacy<\/strong> Service Line have explored the topic of compliance risks for employees<\/strong> in order to highlight the increasingly importance for companies to adopt appropriate measures to mitigate the risks associated with the incorrect storage of metadata and improper or illegal conduct by employees, thereby improving their governance<\/strong>.<\/p>\n

When a crime committed by an employee also involves the company<\/h2>\n

Under Legislative Decree 231\/2001, a crime committed by an employee can be extended to the company when the individual acts in the interest or to the advantage of the entity, even only potentially<\/strong>. The benefit does not need to be actually achieved<\/strong>: it is enough that the conduct was suitable or even simply aimed at obtaining it.<\/p>\n

However, the company\u2019s liability is not automatic. It is necessary to verify whether the offence is among those covered by the Decree <\/strong>and whether the organisation lacked an adequate prevention system. The absence\u2014or ineffectiveness\u2014of the Organisationl Model<\/strong> becomes the decisive threshold: if the company has not mapped its risks, established clear protocols, or properly trained its personnel, the employee\u2019s conduct may directly impact the entity.<\/p>\n

The retention of corporate e-mail metadata<\/h2>\n

With decision no. 243 of 29.04.2025<\/strong>, the Data Protection Authority intervened on the issue of storing email and browsing metadata <\/strong>in the workplace, setting specific time limits<\/strong> for the storage of metadata (21 days). <\/strong>After this period, metadata should be deleted or, in any case, made unavailable, unless specific guarantees <\/strong>are adopted by the employer and there are proven technical and organisational needs, or a trade union agreement has been reached or specific authorisation has been obtained from the labour authority.<\/p>\n

The issue is complex and deserves close attention: employers will have to manage the storage of email (and browsing) metadata in compliance with the requirements of the Data Protection Authority, under penalty of significant sanctions<\/strong>. This applies even though there are still unresolved questions for which an intervention by the Privacy Authority is hoped for.<\/p>\n

The risks arising from the improper use of AI by employees<\/h2>\n

Generative AI<\/strong> is everywhere. People and companies around the world use it every day to perform tasks and duties such as translating texts, identifying key search terms, analysing social media engagement data, and creating images and videos. However, Artificial Intelligence may be used without complying with corporate policies, thus contributing to the growth of what is now known as Shadow AI<\/strong>.<\/p>\n

The main risks<\/strong> arising from Shadow AI include security incidents or personal data breaches<\/strong>, violations of company procedures, and violations of company copyright<\/strong> (know-how, trade secrets, confidential information), which have a significant impact not only on the operation and efficiency of processes, but also on reputation<\/strong>.<\/p>\n

It is therefore essential to adopt a risk-based approach<\/strong>, which is now the basis of all the latest European regulations (AI ACT, GDPR, NIS 2 Directive, DORA), and an effective governance<\/strong> strategy to strengthen the resilience<\/strong> of the company.<\/p>\n","protected":false},"excerpt":{"rendered":"

In this fourth edition of the Compliance & Risk Management Newsletter, professionals of Andersen’s 231\/Privacy Service Line have explored the topic of compliance risks for employees in order to highlight the increasingly importance for companies to adopt appropriate measures to mitigate the risks associated with the incorrect storage of metadata and improper or illegal conduct […]<\/p>\n","protected":false},"author":146,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[50],"tags":[],"class_list":["post-30260","post","type-post","status-publish","format-standard","hentry","category-insights"],"acf":[],"yoast_head":"\nCompliance risks for employees - Andersen Italy<\/title>\n<meta name=\"description\" content=\"Discover governance tools to mitigate compliance risks involving employees and thereby strengthen resilience.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Compliance risks for employees - Andersen Italy\" \/>\n<meta property=\"og:description\" content=\"Discover governance tools to mitigate compliance risks involving employees and thereby strengthen resilience.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/\" \/>\n<meta property=\"og:site_name\" content=\"Andersen Italy\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-12T15:36:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-12T15:50:21+00:00\" \/>\n<meta name=\"author\" content=\"Nicol\u00f2 Bottura\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicol\u00f2 Bottura\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/\"},\"author\":{\"name\":\"Nicol\u00f2 Bottura\",\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/#\\\/schema\\\/person\\\/bd585cd6857731a49439105898401ac7\"},\"headline\":\"Compliance & Risk Management – Compliance risks for employees\",\"datePublished\":\"2025-12-12T15:36:43+00:00\",\"dateModified\":\"2025-12-12T15:50:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/\"},\"wordCount\":502,\"articleSection\":[\"Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/\",\"url\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/\",\"name\":\"Compliance risks for employees - Andersen Italy\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/#website\"},\"datePublished\":\"2025-12-12T15:36:43+00:00\",\"dateModified\":\"2025-12-12T15:50:21+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/#\\\/schema\\\/person\\\/bd585cd6857731a49439105898401ac7\"},\"description\":\"Discover governance tools to mitigate compliance risks involving employees and thereby strengthen resilience.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/compliance-risk-management-compliance-risks-for-employees\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Compliance & Risk Management – Compliance risks for employees\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/\",\"name\":\"Andersen Italy\",\"description\":\"Andersen Italy\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/#\\\/schema\\\/person\\\/bd585cd6857731a49439105898401ac7\",\"name\":\"Nicol\u00f2 Bottura\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0ee8df0fed542e40878a626f9ac11017ef75794148559c26dcc2a6bf5997bb7a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0ee8df0fed542e40878a626f9ac11017ef75794148559c26dcc2a6bf5997bb7a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0ee8df0fed542e40878a626f9ac11017ef75794148559c26dcc2a6bf5997bb7a?s=96&d=mm&r=g\",\"caption\":\"Nicol\u00f2 Bottura\"},\"url\":\"https:\\\/\\\/dev.andersen.dotandmedia.com\\\/en\\\/author\\\/nicolo-bottura\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Compliance risks for employees - Andersen Italy","description":"Discover governance tools to mitigate compliance risks involving employees and thereby strengthen resilience.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/","og_locale":"en_US","og_type":"article","og_title":"Compliance risks for employees - Andersen Italy","og_description":"Discover governance tools to mitigate compliance risks involving employees and thereby strengthen resilience.","og_url":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/","og_site_name":"Andersen Italy","article_published_time":"2025-12-12T15:36:43+00:00","article_modified_time":"2025-12-12T15:50:21+00:00","author":"Nicol\u00f2 Bottura","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nicol\u00f2 Bottura","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/#article","isPartOf":{"@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/"},"author":{"name":"Nicol\u00f2 Bottura","@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/#\/schema\/person\/bd585cd6857731a49439105898401ac7"},"headline":"Compliance & Risk Management – Compliance risks for employees","datePublished":"2025-12-12T15:36:43+00:00","dateModified":"2025-12-12T15:50:21+00:00","mainEntityOfPage":{"@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/"},"wordCount":502,"articleSection":["Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/","url":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/","name":"Compliance risks for employees - Andersen Italy","isPartOf":{"@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/#website"},"datePublished":"2025-12-12T15:36:43+00:00","dateModified":"2025-12-12T15:50:21+00:00","author":{"@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/#\/schema\/person\/bd585cd6857731a49439105898401ac7"},"description":"Discover governance tools to mitigate compliance risks involving employees and thereby strengthen resilience.","breadcrumb":{"@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/compliance-risk-management-compliance-risks-for-employees\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dev.andersen.dotandmedia.com\/en\/"},{"@type":"ListItem","position":2,"name":"Compliance & Risk Management – Compliance risks for employees"}]},{"@type":"WebSite","@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/#website","url":"https:\/\/dev.andersen.dotandmedia.com\/en\/","name":"Andersen Italy","description":"Andersen Italy","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dev.andersen.dotandmedia.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/dev.andersen.dotandmedia.com\/en\/#\/schema\/person\/bd585cd6857731a49439105898401ac7","name":"Nicol\u00f2 Bottura","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0ee8df0fed542e40878a626f9ac11017ef75794148559c26dcc2a6bf5997bb7a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0ee8df0fed542e40878a626f9ac11017ef75794148559c26dcc2a6bf5997bb7a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0ee8df0fed542e40878a626f9ac11017ef75794148559c26dcc2a6bf5997bb7a?s=96&d=mm&r=g","caption":"Nicol\u00f2 Bottura"},"url":"https:\/\/dev.andersen.dotandmedia.com\/en\/author\/nicolo-bottura\/"}]}},"_links":{"self":[{"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/posts\/30260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/comments?post=30260"}],"version-history":[{"count":2,"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/posts\/30260\/revisions"}],"predecessor-version":[{"id":30262,"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/posts\/30260\/revisions\/30262"}],"wp:attachment":[{"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/media?parent=30260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/categories?post=30260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.andersen.dotandmedia.com\/en\/wp-json\/wp\/v2\/tags?post=30260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}