Italia · Codice della Privacy (D.Lgs. 196/2003, updated)
TL;DR
Websites targeting users in Italy must comply with GDPR as implemented locally through the Codice della Privacy (D.Lgs. 196/2003, updated). The supervisory authority is the Garante per la protezione dei dati personali. Notable enforcement: Clearview AI fined for facial recognition (€20 million). Use our free scanner below to check your website instantly.
Authority: Garante per la protezione dei dati personali
Website: www.garanteprivacy.it
Local Law: Codice della Privacy (D.Lgs. 196/2003, updated)
Language: Italian
Largest Fine: €20 million
Population: 59 million
Cookie banner must allow granular category-level consent
Scroll is NOT valid consent (ruled by Garante)
Marketing requires prior specific consent
Cookie policy must be separate from privacy policy
DPO mandatory for public bodies and large-scale processors
Italian-language privacy notice required for local users
Italy's Garante has issued detailed cookie guidelines requiring a two-layer approach: a short banner with essential info and a second layer with full cookie details and granular controls. Italy was among the first to ban ChatGPT temporarily over GDPR concerns.
Cookie consent banner that requires opt-in before non-essential cookies
Privacy policy available in Italian
Clear identification of data controller and contact details
Data Processing Agreement (DPA) with all third-party processors
Lawful basis documented for each processing activity
Data Subject Access Request (DSAR) process in place
Data breach notification procedure compliant with 72-hour rule
Data Protection Impact Assessment for high-risk processing
International data transfer mechanisms documented (SCCs, adequacy decisions)
Records of processing activities (ROPA) maintained
In Italy, websites must comply with GDPR as implemented by the Codice della Privacy (D.Lgs. 196/2003, updated). Key requirements include obtaining explicit consent before setting non-essential cookies, providing a clear privacy policy, appointing a DPO when required, and notifying data breaches within 72 hours to the Garante per la protezione dei dati personali.
The Garante per la protezione dei dati personali is the supervisory authority responsible for enforcing data protection laws in Italy. They can investigate complaints, conduct audits, and issue fines up to €20 million or 4% of annual global turnover.
Use PrivacyChecker's free scanner to perform an instant audit of your website. Our tool checks 25+ compliance points including cookie consent, privacy policy presence, security headers, tracker detection, and more — all relevant to Italy's GDPR requirements.