The Italian legislators have made extensive use of the opening clauses of the GDPR. The Italian Data Protection Code specifies several data-protection topics that companies need to know, such as unsolicited job applications; genetic, biometric and health data; and it thoroughly regulates data-protection sanctions and penalties.
In the following, you will find the additions and derogations to the GDPR on the most important topics of personal data protection for companies. If topics are not linked, there are no derogating or specifying provisions in the national data-protection law.
- Specific data protection law and official guidelines
- Substantive and territorial scope
- Definitions
- Legal principles (no regulations deviating from the GDPR)
- Legal basis
- Sensitive data
- Informing requirements
- E-marketing (new regulation by ePrivacy Regulation remains to be seen)
- Cookies
- Automated decision-making (no regulations deviating from the GDPR)
- Rights of data subjects
- Processing on behalf of a controller (no regulations deviating from the GDPR)
- Records of processing activities
- Data security (no regulations deviating from the GDPR)
- Data breaches (no regulations deviating from the GDPR)
- Data protection impact assessment (DPIA)
- Data protection officer
- Certification (no regulations deviating from the GDPR)
- Data transfer (no regulations deviating from the GDPR)
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research
