Italian Data Protection Authority (Garante per la protezione dei dati personali, GPDP), guidelines have been issued to protect personal data published online by public and private entities from web scraping. Web scraping, the indiscriminate collection of personal data from the internet by third parties for training generative AI models, poses significant risks. The GPDP's guidance includes recommendations for data controllers to implement measures such as creating restricted access areas, including anti-scraping clauses in terms of service, and monitoring web traffic for anomalies. These measures aim to hinder or prevent web scraping by making data less accessible or detecting unauthorized data collection. The GPDP emphasizes that these measures are not mandatory but should be considered based on the principle of accountability, taking into account technological feasibility and cost, especially for small and medium-sized enterprises (SMEs). The guidelines reflect contributions from a fact-finding investigation and ongoing legal assessments, including a case involving OpenAI. The full document is available on the GPDP's official website and will be published in the Official Gazette of the Italian Republic.