Rome’s University “La Sapienza” ended up in the Italian Data Protection Authority’s sights after having notified a violation of personal data as required by art. 33 of the Regulations. Such violation concerned the disclosure of personal data processed through the University’s platform used for the management of offence reports by employees and third parties within the whistleblowing regime. Following the notification breach, the Authority initiated investigations. Violations of the measures provided in the Regulations for the protection of personal data were ascertained, with particular emphasis to the provisions relating to the current security measures in force.