Guidelines for practical implementation of the GDPR issued by the Italian DPA

Garante-privacy 2

The Italian Data Protection Authority, Garante per la privacy issued Guidelines for the implementation of Regulation EU/2016/679 on Personal Data Protection (GDPR).

The DPA suggests some actions that can be carried out right away to comply with the GDPR and provides a general overview of the major innovations introduced by the legislation.

The guidelines are divided into 6 thematic sections:

  • Principles of lawfulness of the processing (Article 6, GDPR);
  • Information and access to personal data (Article 12 and 13, GDPR);
  • Data subject rights (Articles 15-22, 28, GDPR);
  • Controller, processor, data protection officer (Articles 26, 28, 29, 82, 30, and 37, GDPR);
  • Accountability principle, data protection by default and by design, impact assessment and prior consultation (Articles 23-25, 35-37, GDPR);
  • Transfer of personal data to a third country or international organizations (Articles 40, 43, 44-49, 65, GDPR).

Each section explains what are the changes and what will remain the same after the GDPR enters into force

The Guidelines are available (in Italian) at…

For more information on privacy issues, contact Francesca Giannoni-Crystal.

Follow us on& Like us on