Italy: Published guide to the implementation of the GDPR

On 1 June 2023, the Italian Data Protection Authority published a guide for the implementation of the GDPR. The guide is intended to serve as a reference tool for individuals working in both the public and private sectors. It is designed to provide practical guidance, particularly useful for small and medium-sized enterprises, by offering an overview of key aspects that companies and public entities should consider when implementing the GDPR. These aspects include the rights of data subjects, the responsibilities of data controllers, transparency in the use of personal data, and the lawfulness of data treatment. The guide specifically focuses on several areas that owners need to address. This includes the provision of information to data subjects, the evaluation of circumstances requiring the owner to notify the Data Protection Authority and, if necessary, the affected individuals in case of a personal data breach, as well as the designation of a Data Protection Officer.