Breadcrumb

Breadcrumbs

Italian legislation

Italian legislation

 

SUMMARY

 

Data Protection Code - Legislative Decree no. 196/2003

 

 

Codes of Conduct

 

 

General Authorisations Issued for the Processing of Sensitive Data (as currently in force)

 

 

General Authorisations Issued for Cross-Border Data Flows to Third Countries

 

 

 

 

back

 

  • Data Protection Code - Legislative Decree no. 196/2003 

 

Italy´s consolidated data protection code came into force on 1 January 2004.The Code brings together all the various laws, codes and regulations relating to data protection since 1996. 

 

In particular, it supersedes the Data Protection Act 1996 (no. 675/1996), which had come into effect in May 1997.

 

Please note that the Code was amended by the decree adapting the national legal system to the GDPR 2016/679 (Legislative Decree No. 101 of 10 August 2018).  

 

Accordingly, several of its provisions were amended or repealed and sections were added. The decree has made use of the margin of manoeuvre afforded by the GDPR to Member States as regards, in particular, processing activities based on legal obligations or for purposes in the public interest (Article 6(1), letters c) and e) ); processing of biometric, genetic and health-related data (Article 9(4) and Article 36(5) ); processing activities covered by Chapter IX of the GDPR (journalism, labour, research, archiving, etc.). As a result, several provisions of the 2003 Code were left in place as they were found not to be in conflict or overlap with the GDPR and to provide added value for the relevant stakeholders based on the implementing experience of the past 15 years.

 

More detailed information on the new text of the Code as well as the English translation of the consolidated Code will be available shortly in this section.

 

The consolidated Italian text of the Code is available here.

 

 

 

back

 

Codes of Conduct

 

- Code of Practice Applying to the Processing of Personal Data Performed with a View to Defence Investigations

 

- Code of conduct and professional practice applying to information systems managed by private entities with regard to consumer credit, reliability, and timeliness of payments

 

- Code of conduct and professional practice applying to processing of personal data for statistical and scientific purposes

 

- Code of conduct and professional practice applying to the processing of personal data for statistical and scientific research purposes within the framework of the national statistical system

 

- Code of conduct and professional practice Regarding the processing of personal data For historical purposes

 

- Code of Practice Concerning the Processing of Personal Data in the Exercise of Journalistic Activities

 

- Code of Ethics and Conduct in Processing Personal Data for Business Information Purposes

 

 

 

back

 

General Authorisations Issued for the Processing of Sensitive Data (as currently in force)

 

Introduction

 

- Authorisation No. 1/2014 Concerning Processing of Sensitive Data in the Employment Context

 

- Authorisation No. 2/2014 Concerning Processing of Data Suitable for Disclosing Health or Sex Life

 

- Authorisation No. 3/2014 Concerning - Processing of Sensitive Data by Associations and Foundations

 

- Authorisation No. 4/2014 Concerning - Processing of Sensitive Data by Self-Employed Professionals

 

- Authorisation No. 5/2014 Concerning - Processing of Sensitive Data by Various Categories of Data Controller

 

- Authorisation No. 6/2014 Concerning Processing of Sensitive Data by Private Detectives

 

- Authorisation No. 7/2014 Concerning Processing of Judicial Data by Private Entities, Profit-Seeking Public Bodies and Public Entities

 

- Authorisation No. 8/2014 for the Processing of Genetic Data

 

- Authorisation no. 9/2014 - General Authorisation to Process Personal Data for Scientific Research Purposes

 

 

 

back

 

General Authorisations Issued for Cross-Border Data Flows to Third Countries

 

Introduction

 

- Authorisation to Transfer Personal Data from the Italian Territory to the Eastern Republic of Uruguay

 

- Authorisation to Transfer Personal Data from the Italian Territory to New Zealand

 

- Authorisation to Transfer Personal Data from the Italian Territory to the State of Israel

 

- Authorisation to Transfer Personal Data to the Principality of Andorra

 

- Authorisation for data transfers to the US based on the "Safe Harbor Principles" (PRESS RELEASE: Data Transfers to the USA: the "Safe Harbor" Authorisation is Invalid - 6 november 2015)

 

- Authorisation for data transfers to Switzerland

 

- Authorisation for data transfers to Hungary [no longer in force]

 

- Authorisation for data transfers in compliance with Standard Contractual Clauses (controller-to-controller) (First Set)

 

- Authorisation for data transfers in compliance with Standard Contractual Clauses (controller-to-processor)

 

- Authorisation for data transfers to the Bailiwick of Guernsey

 

- Authorisation for data transfers to Canada

 

- Authorisation to Transfer Personal Data from the State´s Territory to Third Countries

 

- Authorisation for data transfers to the Isle of Man

 

- Authorisation for the Transfer of Personal Data from the State´s Territory to the US CBP Office of the Department of Homeland Security

 

- Authorisation for data transfers to Argentina

 

 

 

 

back