Publication of the legislative decree of harmonization to the GDPR: news on labour, sanctions and small and medium-sized enterprises

Publication of the legislative decree of harmonization to the GDPR: news on labour, sanctions and small and medium-sized enterprises

By Damiana Lesce, Paola Lonigro and Valeria De Lucia

On 4 September 2018, Legislative Decree no. 101/2018 was enacted to give harmonization of the national legislation to the EU Regulation no. 679 of 2016 (“GDPR”). The general part of the Italian
Privacy Code is almost completely replaced by the provisions of the regulations. Therefore, the rules on principles, legal bases of compensation, information and prior consent are repealed and replaced by European ones. As for the special part of the Privacy Code, below is a summary of the main news, starting from those in labour law.
    The information pursuant to art. 13 GDPR must be provided at the time of the “first contact”, following the sending of the curriculum. The consent of the candidate to the processing of personal data contained in the curriculum is not required.
    The discipline is expressly made in art. 4 of the Workers’ Statute of Rights (as amended in 2015 by the Jobs Act).
    Consent can be expressed at the age of 14. Below this threshold, consent will be given by those who exercise parental responsibility.
    The Legislator has decided to guarantee the continuity without prejudice, for a transitional period, the provisions of the Guarantor and the authorizations, which will be the subject of subsequent review. The Guarantor for the protection of personal data, will issue ethical rules concerning the processing of personal data in some sectors (work, journalism, statistics and scientific research), involving stakeholders and carrying out a public consultation.
    The privacy obligations for SMEs will be simplified. The Guarantor for the protection of personal data promotes simplified procedures for the fulfillment of the obligations of the data controller.
    The Italian legislator has decided to make use of the right, granted by the GDPR to all Member States, to provide for criminal sanctions for certain violations of the privacy legislation, which are in addition to the severe administrative sanctions provided for in the regulation. They are criminally sanctioned for:
  • illicit processing of personal data;
  • fraudulent acquisition of personal data processed on a large scale;
  • the communication and illicit dissemination of personal data being processed on a large scale;
  • false statements made to the Guarantor;
  • failure to comply with the provisions of the Guarantor;
  • The violation of paragraph 1 of the art. 4 of the Worker’s Statute of Rights

Related Posts

Remote Working or Plato’s…

by Federico Manfredi - Forbes, October 23 2020 Remote working has been at the centre of media attention for months, becoming a matter of discussion across almost all industrial and…
Read more

Unclear rules, disputes on…

by Valeria De Lucia If in the next few months there is no concrete revival of the economy and a full recovery of business activity - says the labour lawyer…
Read more

The potential of remote…

by Salvatore Trifirò – Il Sole 24 Ore, 01/09/2020   During the 80s in Italy, some enterprising entrepreneurs so-called atypical forms of autonomous work (pony express and door-to-door sales) were…
Read more