Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)
Italy's Personal Data Protection Code (Codice in materia di protezione dei dati personali, Legislative Decree No. 196/2003) was substantially amended by Legislative Decree No. 101/2018 to align with the GDPR. The Garante per la protezione dei dati personali (Italian Data Protection Authority) oversees enforcement. The Code retains significant national provisions alongside the GDPR, including rules on health data, employment data, journalistic processing, video surveillance, and marketing. The Garante is one of the most experienced DPAs in Europe, established in 1997.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
Italy Codice Cross-Border + Retention
| Code | Title |
|---|---|
| ItalyCodice-CrossBorder-Transfer-Adequacy-SCCs-BCRs-Retention-ItalianSectorRules-EUDataAct | Italy Codice Cross-Border Transfer + EU Adequacy + Standard Contractual Clauses + Binding Corporate Rules + EU Data Act + Italian Sector Retention Rules + Schrems II + Transfer Impact Assessment |
Italy Codice Data Subject Rights
| Code | Title |
|---|---|
| ItalyCodice-DataSubjectRights-Limitations-Deceased-Minors-14-Years-Italian-2undecies-2duodecies-2terdecies | Italy Codice Data Subject Rights + Article 2-undecies Limitations + Article 2-duodecies Deceased Persons Rights + Article 2-terdecies Minors Rights (14 Years Consent Age) + GDPR Articles 15-22 + Italian Civil Procedure Remedies |
Italy Codice Garante + Enforcement
| Code | Title |
|---|---|
| ItalyCodice-Garante-Enforcement-AdministrativeSanctions-Criminal-Art166-167-170-20MEUR-Coord-EDPB | Italy Codice Garante Authority + Article 140-bis + Article 144 Complaints + Article 166 Administrative Sanctions up to EUR 20M/4% + Article 167 Criminal Offences + Article 170 Failure to Comply with Garante Orders + EDPB Coordination |
Italy Codice Lawful Basis + Notice
| Code | Title |
|---|---|
| ItalyCodice-LawfulBasis-Notice-Italian-Language-Public-Bodies-Consent-2bis-2ter-Article6-GDPR | Italy Codice Lawful Basis + GDPR Article 6 + Italian-Specific 2-bis Legal Basis + 2-ter Public Bodies + Notice in Italian Language + Consent + Italian-Specific Derogations + Data Subject Rights Handling |
Italy Codice Scope + GDPR Implementation
| Code | Title |
|---|---|
| ItalyCodice-Scope-LegDec196-2003-Amendment101-2018-GDPR-Implementation-Garante-Constitution-Art21 | Italy Codice Privacy Scope - Legislative Decree No. 196 of 30 June 2003 (Codice in materia di protezione dei dati personali) + Amendment by Legislative Decree No. 101 of 10 August 2018 + GDPR Implementation in Italy + Garante per la Protezione dei Dati Personali + Italian Constitution Article 21 + Civil Code Article 6 |
Italy Codice Security + DPO
| Code | Title |
|---|---|
| ItalyCodice-Security-CPO-DPO-PublicBodies-BreachNotification-Art31-34-DPIA-ROPA-JointControllers-Processors | Italy Codice Security - Article 31 Designation of CPO + Italian DPO Requirements + DPO Mandatory for Public Bodies + Article 34 Breach Notification + DPIA + ROPA + Joint Controllers + Processors + Italian-Specific Requirements |
Italy Codice Special Categories
| Code | Title |
|---|---|
| ItalyCodice-SpecialCategories-Health-Workplace-Education-ScientificResearch-HistoricalResearch-Art75-92-96-99-101 | Italy Codice Special Categories + Article 75 Administrative Fines + Article 92 Medical Records + Article 96 Education + Article 99 Scientific Research + Article 101 Historical Research + Workplace Privacy + Worker Monitoring Article 4 Workers Statute |
Italy Codice ePrivacy
| Code | Title |
|---|---|
| ItalyCodice-ePrivacy-Cookies-ElectronicCommunications-Telemarketing-PublicOpposition-TrafficDataRetention-Art121-122-130-132 | Italy Codice ePrivacy - Article 121 Electronic Communications + Article 122 Cookies and Tracking + Article 130 Unsolicited Direct Marketing + Article 132 Traffic Data Retention + Italian Public Opposition Register (Registro delle Opposizioni) |
Your Compliance Coverage
If you comply with Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018), you already cover:
ISO/IEC 27400:2022
50%
4 controls mapped
Compare →Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
50%
4 controls mapped
Compare →Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)
50%
4 controls mapped
Compare →+ 74 more: Azerbaijan Law on Personal Data (2010) (50%), Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) (50%)
See all 77 mapped frameworks ↓Maps to 77 other frameworks
Frequently Asked Questions
What is Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)?
Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) is a compliance framework from Italy with 8 domains and 8 controls. Italy's Personal Data Protection Code (Codice in materia di protezione dei dati personali, Legislative Decree No. 196/2003) was substantially amended by Legislative Decree No. 101/2018 to align with the GDPR. The Garante per la protezione dei dati personali (Italian Data Protection Authority) oversees enforcement. The Code retains significant national provisions alongside the GDPR, including rules on health data, employment data, journalistic processing, video surveillance, and marketing. The Garante is one of the most experienced DPAs in Europe, established in 1997. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) have?
Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) has 8 controls organised across 8 domains. The largest domains are Italy Codice Cross-Border + Retention (1 controls), Italy Codice Data Subject Rights (1 controls), Italy Codice Garante + Enforcement (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) map to?
Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) maps to 77 other compliance frameworks. The top mapping partners are ISO/IEC 27400:2022 (50% coverage), Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018) (50% coverage), Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014) (50% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) compliance?
Start your Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required