Back to Frameworks

Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)

Italy
v2003 (amended 2018 for GDPR)
8 domains
8 controls

Italy's Personal Data Protection Code (Codice in materia di protezione dei dati personali, Legislative Decree No. 196/2003) was substantially amended by Legislative Decree No. 101/2018 to align with the GDPR. The Garante per la protezione dei dati personali (Italian Data Protection Authority) oversees enforcement. The Code retains significant national provisions alongside the GDPR, including rules on health data, employment data, journalistic processing, video surveillance, and marketing. The Garante is one of the most experienced DPAs in Europe, established in 1997.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

Italy Codice Cross-Border + Retention

1 controls
Controls in the Italy Codice Cross-Border + Retention domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-CrossBorder-Transfer-Adequacy-SCCs-BCRs-Retention-ItalianSectorRules-EUDataActItaly Codice Cross-Border Transfer + EU Adequacy + Standard Contractual Clauses + Binding Corporate Rules + EU Data Act + Italian Sector Retention Rules + Schrems II + Transfer Impact Assessment

Italy Codice Data Subject Rights

1 controls
Controls in the Italy Codice Data Subject Rights domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-DataSubjectRights-Limitations-Deceased-Minors-14-Years-Italian-2undecies-2duodecies-2terdeciesItaly Codice Data Subject Rights + Article 2-undecies Limitations + Article 2-duodecies Deceased Persons Rights + Article 2-terdecies Minors Rights (14 Years Consent Age) + GDPR Articles 15-22 + Italian Civil Procedure Remedies

Italy Codice Garante + Enforcement

1 controls
Controls in the Italy Codice Garante + Enforcement domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-Garante-Enforcement-AdministrativeSanctions-Criminal-Art166-167-170-20MEUR-Coord-EDPBItaly Codice Garante Authority + Article 140-bis + Article 144 Complaints + Article 166 Administrative Sanctions up to EUR 20M/4% + Article 167 Criminal Offences + Article 170 Failure to Comply with Garante Orders + EDPB Coordination

Italy Codice Lawful Basis + Notice

1 controls
Controls in the Italy Codice Lawful Basis + Notice domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-LawfulBasis-Notice-Italian-Language-Public-Bodies-Consent-2bis-2ter-Article6-GDPRItaly Codice Lawful Basis + GDPR Article 6 + Italian-Specific 2-bis Legal Basis + 2-ter Public Bodies + Notice in Italian Language + Consent + Italian-Specific Derogations + Data Subject Rights Handling

Italy Codice Scope + GDPR Implementation

1 controls
Controls in the Italy Codice Scope + GDPR Implementation domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-Scope-LegDec196-2003-Amendment101-2018-GDPR-Implementation-Garante-Constitution-Art21Italy Codice Privacy Scope - Legislative Decree No. 196 of 30 June 2003 (Codice in materia di protezione dei dati personali) + Amendment by Legislative Decree No. 101 of 10 August 2018 + GDPR Implementation in Italy + Garante per la Protezione dei Dati Personali + Italian Constitution Article 21 + Civil Code Article 6

Italy Codice Security + DPO

1 controls
Controls in the Italy Codice Security + DPO domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-Security-CPO-DPO-PublicBodies-BreachNotification-Art31-34-DPIA-ROPA-JointControllers-ProcessorsItaly Codice Security - Article 31 Designation of CPO + Italian DPO Requirements + DPO Mandatory for Public Bodies + Article 34 Breach Notification + DPIA + ROPA + Joint Controllers + Processors + Italian-Specific Requirements

Italy Codice Special Categories

1 controls
Controls in the Italy Codice Special Categories domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-SpecialCategories-Health-Workplace-Education-ScientificResearch-HistoricalResearch-Art75-92-96-99-101Italy Codice Special Categories + Article 75 Administrative Fines + Article 92 Medical Records + Article 96 Education + Article 99 Scientific Research + Article 101 Historical Research + Workplace Privacy + Worker Monitoring Article 4 Workers Statute

Italy Codice ePrivacy

1 controls
Controls in the Italy Codice ePrivacy domain of Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)1 controls
CodeTitle
ItalyCodice-ePrivacy-Cookies-ElectronicCommunications-Telemarketing-PublicOpposition-TrafficDataRetention-Art121-122-130-132Italy Codice ePrivacy - Article 121 Electronic Communications + Article 122 Cookies and Tracking + Article 130 Unsolicited Direct Marketing + Article 132 Traffic Data Retention + Italian Public Opposition Register (Registro delle Opposizioni)

Your Compliance Coverage

If you comply with Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018), you already cover:

Maps to 77 other frameworks

8 total controls
ISO/IEC 27400:2022
4 source controls mapped|7 target controls covered
50%
Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
4 source controls mapped|8 target controls covered
50%
50%
Azerbaijan Law on Personal Data (2010)
4 source controls mapped|5 target controls covered
50%
50%
Florida Digital Bill of Rights (FDBR)
4 source controls mapped|3 target controls covered
50%
FTC GLBA Safeguards Rule (16 CFR Part 314)
4 source controls mapped|2 target controls covered
50%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
3 source controls mapped|2 target controls covered
38%
Russia Federal Law on Personal Data (152-FZ)
3 source controls mapped|2 target controls covered
38%
Privacy Act 1988 (Australia)
3 source controls mapped|4 target controls covered
38%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
3 source controls mapped|5 target controls covered
38%
ISO/IEC 29134:2023
3 source controls mapped|5 target controls covered
38%
ISO/IEC 27014:2020
3 source controls mapped|4 target controls covered
38%
ISO/IEC 29100:2024
3 source controls mapped|6 target controls covered
38%
APPI
3 source controls mapped|5 target controls covered
38%
ISO/IEC 38500:2024 - Governance of IT
3 source controls mapped|4 target controls covered
38%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
3 source controls mapped|3 target controls covered
38%
FedRAMP Rev 5
3 source controls mapped|3 target controls covered
38%
Family Educational Rights and Privacy Act (FERPA)
3 source controls mapped|4 target controls covered
38%
38%
IEEE 7000
3 source controls mapped|2 target controls covered
38%
India DPDP Act
3 source controls mapped|2 target controls covered
38%
Indonesia PDP Law
3 source controls mapped|2 target controls covered
38%
Israel Protection of Privacy Law (5741-1981)
3 source controls mapped|4 target controls covered
38%
AWS Well-Architected Security Pillar
3 source controls mapped|4 target controls covered
38%
ISO/IEC 27011:2024
3 source controls mapped|6 target controls covered
38%
Azure Security Benchmark
3 source controls mapped|4 target controls covered
38%
ISMAP (Japan)
3 source controls mapped|2 target controls covered
38%
Iowa Consumer Data Protection Act
3 source controls mapped|2 target controls covered
38%
Indiana Consumer Data Protection Act
3 source controls mapped|1 target controls covered
38%
ICH E6(R3) - Good Clinical Practice
3 source controls mapped|2 target controls covered
38%
Law on Personal Data Protection (Official Gazette No. 42/2020)
2 source controls mapped|1 target controls covered
25%
Australian Privacy Principles (APPs)
2 source controls mapped|3 target controls covered
25%
Armenia Law on Protection of Personal Data (2015)
2 source controls mapped|3 target controls covered
25%
Global Cross-Border Privacy Rules (Global CBPR) Forum
2 source controls mapped|1 target controls covered
25%
Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486)
2 source controls mapped|2 target controls covered
25%
ISO/IEC 29147:2018
2 source controls mapped|4 target controls covered
25%
NIST AI Risk Management Framework (AI RMF 1.0)
2 source controls mapped|3 target controls covered
25%
FATF Recommendation 16 - Virtual Asset Travel Rule
2 source controls mapped|2 target controls covered
25%
French Sapin II Law (Law No. 2016-1691)
2 source controls mapped|2 target controls covered
25%
ASD Strategies to Mitigate Cyber Security Incidents
2 source controls mapped|1 target controls covered
25%
Georgia Law on Personal Data Protection (2012)
2 source controls mapped|1 target controls covered
25%
FDA 21 CFR Part 11
2 source controls mapped|3 target controls covered
25%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
2 source controls mapped|2 target controls covered
25%
South Korea PIPA
1 source controls mapped|1 target controls covered
13%
GAMP 5 - Good Automated Manufacturing Practice
1 source controls mapped|2 target controls covered
13%
SWIFT CSCF
1 source controls mapped|1 target controls covered
13%
PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR)
1 source controls mapped|2 target controls covered
13%
OWASP ASVS
1 source controls mapped|1 target controls covered
13%
ISO 19011
1 source controls mapped|2 target controls covered
13%
13%
ISO 31000:2018
1 source controls mapped|1 target controls covered
13%
ISO/IEC 30111:2019
1 source controls mapped|3 target controls covered
13%
ISO/IEC 27004:2016
1 source controls mapped|3 target controls covered
13%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
1 source controls mapped|1 target controls covered
13%
ASIS SPC.1-2009 - Organizational Resilience Standard
1 source controls mapped|1 target controls covered
13%
IEC 62351 - Power Systems Communication Security
1 source controls mapped|1 target controls covered
13%
21 CFR Part 58 - Good Laboratory Practice (GLP)
1 source controls mapped|2 target controls covered
13%
ISO/IEC 27007:2020
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27031:2011
1 source controls mapped|1 target controls covered
13%
IEC 60601-1 - Medical Electrical Equipment Safety
1 source controls mapped|2 target controls covered
13%
BRCGS Global Standard for Food Safety Issue 9
1 source controls mapped|3 target controls covered
13%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
1 source controls mapped|1 target controls covered
13%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27050 - Electronic Discovery (Parts 1-4)
1 source controls mapped|1 target controls covered
13%
FDA Quality Management System Regulation (QMSR)
1 source controls mapped|1 target controls covered
13%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)
1 source controls mapped|1 target controls covered
13%
ICH Q10 - Pharmaceutical Quality System
1 source controls mapped|2 target controls covered
13%
IATF 16949:2016 - Quality Management System for Automotive Production
1 source controls mapped|2 target controls covered
13%
IATA Operational Safety Audit (IOSA) Standards Manual
1 source controls mapped|1 target controls covered
13%
HKMA SPM
1 source controls mapped|1 target controls covered
13%
HKMA Cyber Resilience Assessment Framework (C-RAF)
1 source controls mapped|1 target controls covered
13%
GLI-33 - Gaming Laboratories International Event Wagering Systems
1 source controls mapped|1 target controls covered
13%
GLBA
1 source controls mapped|1 target controls covered
13%

Frequently Asked Questions

What is Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)?

Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) is a compliance framework from Italy with 8 domains and 8 controls. Italy's Personal Data Protection Code (Codice in materia di protezione dei dati personali, Legislative Decree No. 196/2003) was substantially amended by Legislative Decree No. 101/2018 to align with the GDPR. The Garante per la protezione dei dati personali (Italian Data Protection Authority) oversees enforcement. The Code retains significant national provisions alongside the GDPR, including rules on health data, employment data, journalistic processing, video surveillance, and marketing. The Garante is one of the most experienced DPAs in Europe, established in 1997. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) have?

Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) has 8 controls organised across 8 domains. The largest domains are Italy Codice Cross-Border + Retention (1 controls), Italy Codice Data Subject Rights (1 controls), Italy Codice Garante + Enforcement (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) map to?

Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) maps to 77 other compliance frameworks. The top mapping partners are ISO/IEC 27400:2022 (50% coverage), Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018) (50% coverage), Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014) (50% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) compliance?

Start your Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required