Cybersecurity—Italy—Q&A guide

The following Information Law practice note provides comprehensive and up-to-date legal information covering:

  • Cybersecurity—Italy—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?


This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Italy published as part of the Lexology Getting the Deal Through series by Law Business Research (published: April 2021).

Authors: ICT Legal Consulting—Paolo Balboni; Luca Bolognini; Valerio De Feo; Francesca Tugnoli; Antonio Landi; Francesco Capparelli; Giulia Rosignuolo

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

In Italy, there are a number of regulations that guide the management of cybersecurity practices. Within the framework of the regulations applicable in Italy, the following should be mentioned:

  1. Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR) and Legislative Decree 196/2003 (Italian Personal Data Protection Code) regulate specific aspects of personal data protection in Italy. This legislation contains a number of rules, including article 32 GDPR and other specific provisions regarding the security measures to be applied for the processing of health-related personal data (article 2-septies Personal Data Protection Code), which require data controllers to adopt technical and organisational measures to protect personal data on the basis of the risks underlying the processing operations carried out. To be able to demonstrate that technical measures to protect data have been adopted, data controllers are required to identify and map possible IT risks and strengthen their cybersecurity resilience.

  2. Legislative Decree 51/2018, which transposed Directive (EU) 2016/680 in Italy. This legislative decree contains
