Privacy Laws

Italian data protection compared to the GDPR

The flag of Italy with Rome in the background.
© alexmu / | #144163629

General overview

Italian legislators have extensively utilized the so-called "opening clauses" of the GDPR. The Italian Data Protection Code specifies several data protection topics that companies should be aware of, such as unsolicited applications, genetic, biometric, and health data. Additionally, it comprehensively regulates data protection sanctions and penalties.

GDPR opening clauses

Italy has made use of the opening clauses to establish specific regulations for data processing in the public sector, data processing for scientific purposes, and data processing in healthcare.

Key differences and national specifics

Specific data protection laws and official guidelines

Italy has specific data protection laws and official guidelines. These provide detailed information and guidance for compliance with data protection regulations in Italy.

Legal basis and sensitive data

In Italy, there are specific regulations regarding the legal basis for data processing and the processing of sensitive data. Companies must ensure that they inform data subjects adequately about the processing of their data.

E-Marketing and cookies

Italy has regulations pertaining to e-marketing and the handling of cookies. It is important to note that a new regulation through the ePrivacy Regulation is still pending.

Data subject rights

The rights of data subjects in Italy are extensively regulated. Companies should ensure that they respect these rights.

Data Protection Impact Assessment (DPIA) and Data Protection Officer (DPO)

Companies in Italy should ensure that they conduct DPIAs in accordance with Italian regulations. Additionally, there are regulations regarding the appointment of a Data Protection Officer.


Italy has adopted many of the GDPR guidelines but has also introduced some national peculiarities. Companies operating in Italy or conducting business with Italian citizens should ensure that they fully understand and comply with both the GDPR and the Italian Data Protection Code.