Garante per la protezione dei dati personali (Italy)

From GDPRhub
Garante per la protezione dei dati personali
LogoIT.png
Name: Garante per la protezione dei dati personali
Abbreviation : Garante
Jurisdiction: Italy
Head: Antonello Soro
Deputy: n/a
Adress: Piazza Venezia 11

00187 Rome, Italy

Webpage: www.garanteprivacy.it
Email: garante@gpdp.it
Phone: +39 06 69677 1
Twitter: n/a
Procedural Law: n/a
Decision Database: n/a
Translated Decisions: Category:Garante per la protezione dei dati personali (Italy)
Head Count: 170 (Jan 2019)[1]
Budget: € 39,362,273.00 (2019)[2]

The Italian Data Protection Authority (Garante per la protezione dei dati personali) resides in Rome and is in charge of enforcing GDPR and Directive 2002/58/CE (e-Privacy Directive) in Italy.

Structure[edit | edit source]

The Garante is a collegiate body of four members who are elected by Parliament for a seven-year term. The authority has an office in Rome with a staff currently numbering about 125 people.

The Panel of the Italian DPA is currently composed of Antonello Soro (President), Augusta Iannini (Vice-President), Giovanna Bianchi Clerici (Member) and Licia Califano (Member). Giuseppe Busia is currently Secretary General to the DPA.

The Italian Parliament scheduled the election of the new Panel for the 18 February 2020.

Procedural Information[edit | edit source]

Applicable Procedural Law[edit | edit source]

The Garante operates under the GDPR and the national Data Protection Act ("Codice per la protezione dei dati personali" or "Codice]").

For those aspects which are not regulated directly by the GDPR, or the Codice, the Garante adopts its own administrative regulations published in the Official Gazette of the Italian Republic (see, Articles 142 and 156(3)(a) of the Codice). On 4 April 2019 the DPA adopted two different administrative regulations.

The Regolamento n. 1/2019 ("Regolamento concernente le procedure interne aventi rilevanza esterna, finalizzate allo svolgimento dei compiti e all’esercizio dei poteri demandati al Garante per la protezione dei dati personali") regulates the procedure before the Garante. For example, Article 3 reiterates the general principles of fairness and transparency of the proceeding before the DPA. Article 12 ensures a right of the parties to access documents and file submissions.

The Regolamento n. 2/2019 ("Regolamento n. 2/2019, concernente l'individuazione dei termini e delle unità organizzative responsabili dei procedimenti amministrativi presso il Garante per la protezione dei dati personali") provides for specific time-limits with regard to the different types of proceedings the DPA is competent for. Particularly important are Tabella A and B attached to the Regolamento.

Complaints Procedure under Art 77 GDPR[edit | edit source]

Under Article 142 of the Code, all complaints shall provide an indication of the facts and circumstances on which it is based, the provisions that are assumed to have been violated and the corrective measures requested, as well as the identification of the data controller or data processor, where known. If possible, the complaint shall contain attached documents relevant to its assessment and shall indicate an address for sending communications, including by e-mail, fax or telephone.

The complaint shall be signed by the data subject or, on his or her behalf, by a third sector body which has been constituted in compliance with D.Lgs. 117/17.

In general terms, the Garante shall decide the matter within 9 months upon receipt of the complaint. During the proceeding, the DPA shall inform the data subject on the progress. If the investigation is particularly complex the term can be extended up to 12 months. However, in this case, the Garante must motivate the complexity and communicate it to the data subjects . In case of cooperation procedure, such terms are suspended until the procedure is completed (for reference, see Article 143 of the Code).

However, detailed time-limits can be found in Regolamento n. 2/2019 cited above.

Ex Officio Procedures under Art 57 GDPR[edit | edit source]

Under Article 154 of the Code, the Garante can run ex officio procedures out of its own motion.

Appeals[edit | edit source]

Appeals against decisions by the Italian Garante can be taken by the parties concerned before the civil court (Article 152 of the Code, which makes a reference to Article 10, D.lgs. 150/11).

Practical Information[edit | edit source]

For most data protection claims against a controller and for complaints to the Garante standard forms (in Italian) are provided at https://www.garanteprivacy.it/.

The Garante's decisions are accessible on in its website (in Italian). Most important decisions are also available in English (https://www.garanteprivacy.it/web/guest/home_en/main-decisions).

Statistics[edit | edit source]

You can help us filling this section!

References[edit | edit source]

EU/EEA's Data Protection Authorities
Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Brandenburg · Berlin · Baden-Württemberg · Bavaria · Bremen · Hesse · Hamburg · Mecklenburg-Vorpommern · Lower Saxony · North Rhine-Westphalia · Rhineland-Palatinate · Schleswig-Holstein · Saarland · Saxony · Saxony-Anhalt · Thuringia) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden · United Kingdom
Iceland · Liechtenstein · Norway EDPS · EDPB