Publication of the legislative decree of harmonization to the GDPR: news on labour, sanctions and small and medium-sized enterprises

Publication of the legislative decree of harmonization to the GDPR: news on labour, sanctions and small and medium-sized enterprises

By Damiana Lesce, Paola Lonigro and Valeria De Lucia

On 4 September 2018, Legislative Decree no. 101/2018 was enacted to give harmonization of the national legislation to the EU Regulation no. 679 of 2016 (“GDPR”). The general part of the Italian
Privacy Code is almost completely replaced by the provisions of the regulations. Therefore, the rules on principles, legal bases of compensation, information and prior consent are repealed and replaced by European ones. As for the special part of the Privacy Code, below is a summary of the main news, starting from those in labour law.
    The information pursuant to art. 13 GDPR must be provided at the time of the “first contact”, following the sending of the curriculum. The consent of the candidate to the processing of personal data contained in the curriculum is not required.
    The discipline is expressly made in art. 4 of the Workers’ Statute of Rights (as amended in 2015 by the Jobs Act).
    Consent can be expressed at the age of 14. Below this threshold, consent will be given by those who exercise parental responsibility.
    The Legislator has decided to guarantee the continuity without prejudice, for a transitional period, the provisions of the Guarantor and the authorizations, which will be the subject of subsequent review. The Guarantor for the protection of personal data, will issue ethical rules concerning the processing of personal data in some sectors (work, journalism, statistics and scientific research), involving stakeholders and carrying out a public consultation.
    The privacy obligations for SMEs will be simplified. The Guarantor for the protection of personal data promotes simplified procedures for the fulfillment of the obligations of the data controller.
    The Italian legislator has decided to make use of the right, granted by the GDPR to all Member States, to provide for criminal sanctions for certain violations of the privacy legislation, which are in addition to the severe administrative sanctions provided for in the regulation. They are criminally sanctioned for:
  • illicit processing of personal data;
  • fraudulent acquisition of personal data processed on a large scale;
  • the communication and illicit dissemination of personal data being processed on a large scale;
  • false statements made to the Guarantor;
  • failure to comply with the provisions of the Guarantor;
  • The violation of paragraph 1 of the art. 4 of the Worker’s Statute of Rights

Related Posts

Commitment and Engagement: New…

There has been much discussion in recent months about the Great Resignation phenomenon  which has revealed a constant increase in resignations in many sectors, including in the Italian labour market.…
Read more

The importance of the…

Mariapaola Rovetta Lawyer The company Code of Ethics governs many aspects of company life. The rules included in it have the purpose of guaranteeing values ??such as equality, fairness, confidentiality,…
Read more

New Applications for Remote…

by Federico Manfredi and Rebecca Pala Remote working has revealed itself to be a revolution in the methods of execution and management of the employment relationship, destined to stabilize on…
Read more