RIGHTS AND PREVENTION
Duties and responsibilities
The Italian Data Protection Authority: Who We Are
The Italian Data Protection Authority (Garante per la protezione dei dati personali) is an independent authority set up to protect fundamental rights and freedoms in connection with the processing of personal data, and to ensure respect for individuals' dignity.
The DPA was set up in 1997, when the former Data Protection Act came into force.
It is a collegiate body including four members, who are elected by Parliament for a seven-year term. The authority has an office in Rome.
The tasks of the Garante are laid down in the GDPR 2016/679 as well as in the Personal Data Protection Code (legislative decree No. 196/2003)
and in other national and EU regulatory instruments.
The Garante is committed to ensure that, in all public and private sectors, data are processed as required by the law and the rights of individuals are respected whenever their personal data are processed.
OUR TASKS INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
- We check that personal data are processed in line with laws and regulations and, where appropriate, we order data controllers and data processors to take specific measures in order to process the data according to the rules.
- We handle complaints;
- We can ban, in whole or in part, or order the restriction of the processing of personal data if the nature of such data or the mechanisms or effects of the processing may substantially affect data subjects;
- We can take the measures envisaged in data protection legislation;
- We are consulted by Parliament and Government prior to the enactment of legislation impacting data protection;
- We can draw the attention of Government and Parliament, wherever appropriate, to the need for passing specific laws or regulations in various walks of life;
- We participate in the debates on law-making activities through hearings before Parliament;
- We can issue opinions;
- We draw up an annual report of our activities and the current enforcement of privacy legislation, which is submitted to Parliament and Government;
- We participate in data protection-related activities at EU and international level, including the handling of cross-border cases;
- We carry out supervisory and support activities regarding Europol, Schengen, VIS and similar information systems;
- We raise citizens' awareness of personal data protection issues and data security measures;
- We seek the involvement of citizens and stakeholders via public consultations whose findings are taken into account in drafting general application measures.