Garante Privacy: “Taking Stock Of The First 4 Months Of Implementing The GDPR”

According to the Italian DPA, the Garante Privacy, as of 28 September 2018, four months after the GDPR became fully applicable in Italy: 40,738 appointed DPO's contact information was communicated 2,547 complaints and reports were received 305 data breach notifications were made 7,200 requests to the Garante's font office were made These numbers show a significant ...

Italian DPA prohibits companies from using software that monitors employees

On 8 March 2018, the Italian Data Protection Authority banned any further processing activities of the Customer Care employees’ data, carried out by an important Italian telecommunication company through a software (namely, Salesforce Arcadia) that handled the calls to subscribers. The software not only processed n data related to the calls of the customers and their ...

The Italian Garante on the Data Protection Officer in the private sphere

On 26 March 2018, the Italian Data Protection Authority published its new “frequently asked questions”  related to the figure of the Data Protection Officer (DPO) in the private sphere. The FAQs are a useful tool that can provide addition clarification regarding the figure of DPO together with the Article 29 Working Party (“WP29”) Opinion on ...

Italian Data Protection Authority first semester 2018 inspection plan

On February 1st 2018 the Italian Data Protection Authority (DPA) published the inspection plan for the first semester of 2018. According to this inspection plan, the Italian DPA will focus its controls on processing activities of health data for research purposes, rating the solvency of enterprises, national statistical systems, the Italian Public System of Digital Identity ...

The Italian Data Protection Authority on DPOs in the public sphere

On December 15th 2017, the Italian Garante published the new “frequently asked questions” (FAQs) related to the Data Protection Officer (DPO) in the public sphere. The main aim of the FAQs is to respond to the major questions and concerns that arose during the meetings held in June 2017 between the Italian Public Administrations and the Garante. This document ...

Banks: Garante determines employees are not allowed to furtively view current accounts

On 22 June 2017, the Italian Data Protection Authority confirmed the unlawful processing of personal data by an Italian bank which permitted one of its employees to illicitly view and communicate current account data of one its clients to third parties. In the case at stake, an account holder argued before the Garante that specific data relating ...

The Italian DPA issued its first guidelines on the GDPR

My article published on Lexology. Scenario On 28 April the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The Garante focused on six specific aspects: Lawfulness ...

Italian DPA releases GDPR Guide

On 28 April 2017 the Italian Data Protection Authority released a Guide for the implementation of the General Data Protection Regulation (Guida all'applicazione del Regolamento europeo in materia di protezione dei dati personali). The Guide provides an overview of the main aspects that should be considered with regards to EU Regulation 2016/679 before it is implemented ...

Italian employers can no longer control employees’ e-mails and communications when private-professional use of corporate devices are allowed

Background information/scenario Since the publication of the Guidelines Applying to the Use of E-Mails and the Internet in the Employment Context, the Italian Data Protection Authority (“Garante”) has had more than one opportunity to state its view on the controls of IT devices provided to employees to perform their job. In the case at stake, a ...