Giovedì, 26 Aprile 2018 10:44

Data Protection: GDPR implementation in Italy

Data Protection: GDPR implementation in Italy

On 21 March the Italian Government passed a preliminary proposal for a legislative decree aimed at updating the national legal framework in accordance with the GDPR (Regulation (EU) 2016/679).

In force since 2016, the GDPR will become binding in its entirety and directly applicable in all Member States from 25 May 2018. By this deadline, Member States are requested to adopt “complementary” national provisions ensuring the consistency of the internal legal systems with the new EU rules.

The Italian Government’s proposal aims at introducing such complementary provisions while repealing entirely the Italian Data Protection Code (legislative decree No.196 of 30 June 2003) as of 25 May 2018. Currently the proposal has been referred to the Italian Parliament, which should express a mandatory opinion before final approval.

In the meantime, as reported by national press[1], Italian stakeholder associations are requesting the introduction of a grace period mirroring the approach followed by the French Data Protection Authority. In February, the CNIL acknowledged the need to follow a more “flexible” approach during the initial months after 25 May, as far as new GDPR obligations are concerned (for instance the new obligations on portability and DPIA). During this initial phase, CNIL enforcement will boost the good faith compliance efforts by the undertakings and will not lead normally to the imposition of sanctions.

[1] A. Cherchi, Privacy, una tutela senza certezze, Il Sole 24 Ore, 22 April 2018; G. Latour, Serve una moratoria, Il Sole 24 Ore, 22 April 2018.

Usiamo i cookies per offrirti la migliore esperienza possibile su questo sito. Continuando la navigazione o cliccando su "Accetto" autorizzi il loro uso.