The Italian legislative decree amending and adapting the Italian Data Protection Code to the GDPR (the New Italian Data Protection Code) confirmed a hybrid punitive framework based on both administrative fines and criminal penalties.

Every Member State has the power to adopt additional sanctions other than those provided for by the GDPR and the Italian legislator decided to exercise such power jointly with the Italian Data Protection Authority.

In fact, it is very important to understand what those sanctions can entail, from both a criminal and an civil perspective, also in light of the interplay between the New Italian Data Protection Code and the GDPR.

For instance, which provisions of the New Italian Data Protection Code entail administrative fines? What are the criminal offences under the New Italian Data Protection Code? What is the rule for imposing administrative fines and criminal sanctions according to the New Code compared to the GDPR?

Dentons' new FAQs on sanctions are here to help and in case you want to know more about the answers to the questions above, here is the link to the full article.