Italy

Stage of legislative progress
Eg. pre-consultation, in consultation

No draft published yet.

Approach to implementation
Eg. amendments to existing law, total repeal of old laws

n/a

Timescale for implementation
Eg. pre-consultation, in consultation

n/a

Areas where Member States must have local laws:

Personal data and freedom of expression

According to Garante's Guide, article 8 Legislative Decree 196/03 can be applied, if consistent with GDPR.

Penalties

n/a

Areas where Member States may have local laws:

Professional secrecy

n/a

Scientific, historical or statistical purposes

n/a

Employment

n/a

Personal data of deceased persons

n/a

Children online

16

Special rules for special categories of data

n/a

Genetic, biometric or health data

Under Garante's Guide, written consent is not mandatory.

Principles under existing DPA guidelines on biometric data still apply to the processing of this data.

Designation of a Data Protection Officer

DPA refers to the WP29 guidelines.

National identification numbers/any other identifier of general application

n/a

Other:

Any other areas under discussion

The Garante Guide notes that:
• Controllers and Processors should use symbols and icons suggested by DPA's Decisions on CCTV systems and banks, together with a complete and exhaustive privacy notice;
• DPA will provide guidance on meaning of "reasonable fees" and security measures for processing sensitive data;
• measures appointing staff to process and track bank users' activity should be maintained; and
• records of processing activities for organisations with fewer than 250 persons employed should be maintained.