Italian Data Protection Authority first semester 2018 inspection plan

On February 1st 2018 the Italian Data Protection Authority (DPA) published the inspection plan for the first semester of 2018. According to this inspection plan, the Italian DPA will focus its controls on processing activities of health data for research purposes, rating the solvency of enterprises, national statistical systems, the Italian Public System of Digital Identity ...

EC publishes Communication on General Data Protection Regulation

On 24 January 2018 the European Commission  published a Communication to the European Parliament and the Council Stronger protection, new opportunities - Commission guidance on the direct application of the General Data Protection Regulation as of 25 May 2018. The Communication: details the opportunities new European data protection legislation will provide explains what the EC and ...

Italian DPA rules against “social spam”

On 29 November 2017, the Italian Data Protection Authority  once again decided against the malpractice of so-called “social spam”. In its last newsletter, the Garante clarified that email addresses available on a social networks cannot be used for marketing activities in absence of an explicit and specific consent of the data subject for the mentioned commercial ...

The Italian DPA issued its first guidelines on the GDPR

My article published on Lexology. Scenario On 28 April the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The Garante focused on six specific aspects: Lawfulness ...

Italian DPA releases GDPR Guide

On 28 April 2017 the Italian Data Protection Authority released a Guide for the implementation of the General Data Protection Regulation (Guida all'applicazione del Regolamento europeo in materia di protezione dei dati personali). The Guide provides an overview of the main aspects that should be considered with regards to EU Regulation 2016/679 before it is implemented ...

The Case of Standard Contractual Clauses: The Irish Data Protection Commissioner & Max Schrems

“The supervisory authorities should have the power to prohibit or suspend a data transfer or a set of transfers based on the standard contractual clauses in those exceptional cases where it is established that a transfer on contractual basis is likely to have a substantial adverse effect on the warranties and obligations providing adequate protection ...

Article 29 Working Party publishes Privacy Shield enforcement documents

The Article 29 Working Party is preparing for enforcement as the nine-month grace period for US Companies that self-certified before 30 September 2016 comes to an end on 30 June 2017. As of today there are a total of 1,750 organizations signed up to the EU-US Privacy Shield List, which applies to the transfer of all ...