The Italian code of conduct and professional practice applying to data processing for the purposes of commercial information (the "Code") enters into force on 1 October 2016.

Adoption of this code is encouraged by the Italian data protection authority within the framework of representative associations for the relevant industry sector pursuant to Sections 12 and 117 of the Italian Personal Data Protection Law (legislative decree no. 196/2003 of June 30, 2003).

These legislative provisions also provide that data processing in some sectors may also be self-regulated by private conduct codes approved by the DPA.

The Code applies to entities that collect and make available information about commercial reliability and highlights the duty to provide information prior to data being processed and to grant to the data subject access to their own data.

Data from public sources (e.g. public registers) or from sources available to the general public (e.g. public media) can be processed without consent. Otherwise, the data must be freely provided by the data subject.

The Code also provides that an operator can only process data if relevant and not excessive in relation to the purposes for which the data was collected and must keep its updated and keep track of the data source.

Although the Code only applies to professional processors and managers of databases of commercial information, it is of interest more generally. Firstly, to make organisations that are the subject of commercial information aware of the obligations owed to them and secondly, it provides useful good practice guidance for any organisation that processes commercial or other information.

The Code can be accessed here (Italian).

Submitted by Aldo Feliciani of Studio Legale Bonora e Associati – Milan, Italy, in partnership with DAC Beachcroft LLP