Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016: on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
As of 25 May 2018, the new European General Data Protection Regulation (more commonly referred to as GDPR-General Data Protection Regulation) repealing Directive 95/46/EC became effective in all EU Member States.
This replaces the Personal Data Protection Code in Italy, approved by Legislative Decree No. 196 of 30 June 2003. In essence, more precise rules on information and consent are introduced and limits on automated processing of personal data are established.
It also defines the basis for the application of new rights and lays down strict criteria in the case of data transfer outside the European Union and in cases of personal data breaches.
The Regulation is legally binding and directly applicable in all EU Member States and does not require a law for national implementation. It also applies in full to those entities on non-EU countries that offer services or products to persons on the respective territories of the Member States. This makes it clear that companies, regardless of their location, that have dealings with the EU will have to comply with these new rules.