The expected legislative decree for the adaptation of the national legislation to the General Data Protection Regulation (GDPR) was finally published.
The Legislative Decree 10 August 2018, n. 101 - issued in implementation of Article 13 of the 2016-2017 European Delegation Act (Law 25 October 2017, 163) - is aimed at harmonizing the Privacy Code with European legislation, which became fully operational as of 25 May.
The Privacy Code is not completely repealed (as assumed in the first formulation of the decree) but remains in force, with the changes aimed at harmonizing it with the principles set out in the General Data Protection Regulation, first of all to that of accountability.
The provision provides that the Privacy Guarantor establishes simplified procedures for the fulfillment of the obligations of the data controller with regard to micro, small and medium-sized enterprises.
The provisions of the Privacy Guarantor continue to apply, as compatible with the GDPR and with the same decree.
For the first eight months from the date of entry into force of the decree, the Privacy Guarantor must take into account, for the application of administrative sanctions and in so far as it is compatible with the provisions of the GDPR, the first application phase of the provisions sanctions.