On September 4, 2018, Legislative Decree n. 101/2018 harmonizing the national privacy law with the General Data Protection Regulation (GDPR) was published on the official Italian journal (Gazzetta ufficiale n. 205 04-09-2018).
The Legislative Decree does not abrogate the Italian Privacy Code (Legislative Decree 196/2003), which therefore remains in force, but that Code is harmonized with the principles set out in the GDPR, first of all with the accountability principle.
Legislative Decree 101/2018 includes 27 articles and tasks the Italian Data Protection Authority (Garante Privacy) with the issuance of simplified rules for the small and medium and organizations pursuant to the Commission Recommendation 2003/361/EC (see art. 154bis Italian Privacy Code). In addition, the Italian DPA receives many other tasks, such as: identifying appropriate measures to protect the processing of health information, genetic and biometric data, and sensitive sectors (e.g., work relations, scientific research, public administration sector, etc.)
Legislative Decree 101/2018 will enter into force on September 19, 2018.
The Decreto legislativo 10 agosto 2018, n. 101, “Disposizioni per l’adeguamento della normativa nazionale alle disposizioni del regolamento (UE) 2016/679 del Parlamento europeo e del Consiglio, del 27 aprile 2016, relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati e che abroga la direttiva 95/46/CE (regolamento generale sulla protezione dei dati)” is available (in Italian) at http://www.gazzettaufficiale.it…
The press release by the Consiglio dei ministri is available (in Italian) at http://www.governo.it…
More on the Italian legislative decree is available at http://www.technethics.com….
For more information on this and for advice on GDPR implementation, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli.