Background

On march 21st 2018 the Council of Ministers in Rome has adopted a draft decree (hereinafter, the “Decree”) which will lead to the repeal of the current Italian Data Protection Code (“Data Protection Code”) in order to adapt existing national legislation in light of the EU General Data Protection Regulation (“GDPR”). Once final approval is given, the Decree together with the GDPR will form the new regulatory framework in the field of data protection in Italy.

Main issues

By virtue of Article 13 of the bill for the implementation of EU law (“Implementation Law”) adopted on November 21st 2017, the Government was delegated to align the national legal framework on data protection with the GDPR. The harmonizing act has become necessary due to the incompatibility between some of the provisions of the current Data Protection Code and the GDPR. Therefore, the Decree will repeal incompatible national provisions on the one hand and introduce more specific provisions on the other, insofar as this was granted to the Member States on the basis of the GDPR.

Practical implications / Next steps

Now, once the competent parliamentary committees are constituted, they shall adopt an opinion on the draft decree, which will then pass on to national Data Protection Authority assessment (“Garante”). However, the whole process shall be concluded by May 21st, date on which the delegation powers obtained by means of the Implementation Law are going to expire.