Italian Data Protection Authority first semester 2018 inspection plan

On February 1st 2018 the Italian Data Protection Authority (DPA) published the inspection plan for the first semester of 2018. According to this inspection plan, the Italian DPA will focus its controls on processing activities of health data for research purposes, rating the solvency of enterprises, national statistical systems, the Italian Public System of Digital Identity ...

The Italian Data Protection Authority on DPOs in the public sphere

On December 15th 2017, the Italian Garante published the new “frequently asked questions” (FAQs) related to the Data Protection Officer (DPO) in the public sphere. The main aim of the FAQs is to respond to the major questions and concerns that arose during the meetings held in June 2017 between the Italian Public Administrations and the Garante. This document ...

Banks: Garante determines employees are not allowed to furtively view current accounts

On 22 June 2017, the Italian Data Protection Authority confirmed the unlawful processing of personal data by an Italian bank which permitted one of its employees to illicitly view and communicate current account data of one its clients to third parties. In the case at stake, an account holder argued before the Garante that specific data relating ...

The Italian DPA issued its first guidelines on the GDPR

My article published on Lexology. Scenario On 28 April the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The Garante focused on six specific aspects: Lawfulness ...

Italian DPA releases GDPR Guide

On 28 April 2017 the Italian Data Protection Authority released a Guide for the implementation of the General Data Protection Regulation (Guida all'applicazione del Regolamento europeo in materia di protezione dei dati personali). The Guide provides an overview of the main aspects that should be considered with regards to EU Regulation 2016/679 before it is implemented ...

Italian employers can no longer control employees’ e-mails and communications when private-professional use of corporate devices are allowed

Background information/scenario Since the publication of the Guidelines Applying to the Use of E-Mails and the Internet in the Employment Context, the Italian Data Protection Authority (“Garante”) has had more than one opportunity to state its view on the controls of IT devices provided to employees to perform their job. In the case at stake, a ...