New rules on data protection and corporate liability!

Important developments on companies’ liability for data protection breaches.

As you may know, Italian law (the so-called “Law 231”) provides for a regime of criminal corporate liability and sanctions in the event that directors, managers or employees commit certain types of crimes in the interest of and/or to the advantage of their companies (or group companies).

The list of these crimes, which includes, for instance, corruption and IP rights breach, has progressively been extended by the Italian Government. Since 17 August 2013, the list also includes (i) unlawful processing of personal data, (ii) false information in communications and notifications to the Italian Data Protection Authority (Garante Privacy), and (iii) non-compliance with Garante Privacy’s orders.

The extension of the criminal corporate liability regime to privacy-related crimes will likely have a considerable impact on companies’ operations.

Companies’ management often regards privacy compliance as a cost that can be postponed. This latest amendment to Law 231 could change this approach, and data protection may well rank as a top priority for companies operating in Italy.

In order to avoid criminal corporate liability and related sanctions, companies have to set up and implement internal management and organizational models aimed at preventing crimes. Such organizational models provide for, among other things:

  • the identification of the potentially risky areas;
  • the implementation of an appropriate internal monitoring and sanctioning system to exclude/limit the potential risks.

If companies do not adopt effective and updated internal models of organization, there may be monetary sanctions of up to 774,500 Euro. Moreover, further administrative sanctions may be applied, such as the suspension or termination of public licenses (e.g. gaming licenses), the prohibition of advertising the company’s products or services, or the prohibition of contracting with the public administration, which may well jeopardize the entire company’s operations.

All of the above will likely lead to an increase in data protection compliance audits and in the implementation of organizational models.

Topics:  Corporate Liability, Cybersecurity, Data Breach, Data Protection, EU, New Regulations

Published In: General Business Updates, Criminal Law Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper - IP Technology in Italy | Attorney Advertising
