Home

Internal

Global

Contatto

Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |

In tutto il mondo

Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.

The Italian Data Protection Authority’s inspection plan for the first half of 2023 has been issued: the main points

published on 23 March 2023 | reading time approx. 3 minutes

On 23 January 2023, the Authority for the Protection of Personal Data announced what will be the prioritized issues in the context of its investigative activities, carried out also through the Italian financial police.

With this plan, the Authority has released its usual "warning" that, every six months, the Italian Authority publishes for all subjects involved that process personal data, as Data Controllers or Data Processors.

Particularly, The Authority announced that it will concentrate its activities in the following macro-areas:

As a matter of priority, going ahead with the inspection activities already started during the second half of 2022 with particular regard to a) checks on digital identity managers and service providers using SPID and CIE (also for professional use or for minors) in the context of online services offered also through APP by public administrations; b) checks on the correct implementation of the Guidelines on cookies and other tracking tools, including through the online assessment tool; c) checks on the processing of personal data through telemarketing activities and loyalty cards;
Investigations against public and private parties, in order to verify compliance with the provisions on the protection of personal data related matters, including investigations relating to complaints and formal reports submitted to the Authority and in the investigation at the relevant Departments and processes.

Indeed, as stated by the Authority, the document presents a continuity with the last inspection plan issued in July 2022; this is a confirmation that the scope of both ongoing and planned activities, at least until next June, should be maintained at the center of attention.

The Authority, in the final paragraphs of the inspection plan, has specified that the described activities has involved as far as now 60 inspections, carried out also through verifications on line, and that further investigative activities may be conducted as a result of complaints or reports.

So which companies should pay attention?

As far as no Data Controller can consider itself out of scope with the regard to the Inspection Plan, since part of the activity of the Authority (the one described in point 2 of the inspection plan) is dedicated to verify compliance with data protection regulations in general, we can certainly identify some profiles more at risk than others, and specifically:

Digital identity providers and service SPID and/or CIE providers;
Data controllers who have not yet complied with the rules on cookies;
Telemarketing operators.

For these providers the recommendation is therefore not to be caught unprepared, as well as implement and adopt all the monitoring tools and technical and organizational measures necessary to ensure that all internal processes involving personal data are as compliant as possible with the applicable law.