The Italian Council of Ministers has on 8th August 2018 approved a decree which integrates GDPR into Italian Privacy law. The Decree will have to be published to the Italian Official Gazette to come into force.

The GDPR will overwrite part of the Italian Privacy Code (decreto legislativo n. 196/2003), it reformulates the duties and powers of the Italian DPA (Garante per la per il trattamento dei dati personali) and redefines the rules around administrative and criminal sanctions for breaches of the law.

The decisions and the authorizations previously issued by the Garante will remain in place as well as the “Ethical Codes” provided by the Authority. Those measures will be re-examined at a later stage.

In order to facilitate the compliance to the GDP especially for small and medium enterprises, the Garante will allow a transition period of 8 months before starting with the investigations, in line with the behaviour of other European DPAs.

In an effort to support the compliance and in agreement to GDPR , the Garante will also promote simplified measures addressed to small and medium enterprises. Nevertheless for many companies the process of compliance to GDPR already started some time ago.

In order to analyse the full text of the Decree and its specificities, we should wait for the publication to the Gazette.