//

Making 
data
 a strategical 
asset
 through 
compliance

Dataism guides and supports companies and public entities in making data a stretegical asset through compliance with the Swiss Federal Act on Data Protection (nFADP-nLPD) and the EU Regulation 2016/679 (GDPR).

Discover our services

Our 
Services

Our team of professionals, with its strong know-how and continuous training, offers excellent and customer-oriented customized services in data protection and cybersecurity.

1

Services

Our tailor-made consulting services for your business in the field of cybersecurity and data protection in compliance with the GDPR and the FADP.

2

nFADP

Everything you need to know about the new Swiss Act on Federal Data Protection nFADP: overlaps and differences with the GDPR.

3

Bulletins

Read the latest news on data protection, by Mr. Rosario Imperiali d'Afflitto, to keep up-to-date.

Our 
mission

Dataism is the Swiss company of Network Imperiali, composed of the technical expertise of House of Data Imperiali and the legal advisory services of Studio Legale Imperiali d'Afflitto on data protection in the public and private sectors. Its strength is a customized approach, which lawyer Imperiali calls " tailor-made." Its mission? Devise data protection and cybersecurity models tailored to the client.

Read more

Latest bullettins

Fundamental 
rights
 and 
freedoms

The data protection framework, protects individuals through their fundamental rights and freedoms.

Employee’s
 data 
transparency
 -1

Over the summer, the Italian Official Gazette of July 29, 2022 published Legislative Decree No. 104/2022, which implements into Italian law Directive (EU) 2019/1152 on transparent and predictable working conditions.

Directive 2019/1152 extends the information obligations that public and private employers were already required to fulfill with respect to the employee, as a rule priorto the establishment of the employment relationship, under Directive 91/533/EEC, which in turn was implemented by Legislative Decree no. 152/1997; Decree 104/2022, which entirely rewrites the first four articles of Legislative Decree. no. 152/1997, however, amplifies the content of European Directive 2019/1152 by adding additional information obligations that interact – in ways that are not always clear – with the requirements of the GDPR.

Interpellation of the Italian Data Protection Authority

It should be pointed out at the outset that – although certain provisions of the decreeinteract with the requirements of the GDPR – it does not appear that the prior opinion of the Italian Data Protection Authority on the content of the provision was requested, pursuant to Article 36.4 of the Regulation. It seems, in fact, that despite the amendments that have since occurred to Article 154 of the Privacy Code by which a restrictive reading of the recalled GDPR requirement was given, the opinion of the Authority would still have been due. As a result, some insights into the points of interaction between GDPR and the decree, raised by certain provisions of the latter, are missing.

On the other hand, the National Labour Inspectorate (“INL”) – the institution responsible for receiving complaints of violations from workers and imposing the relevant fines – has issued in this regard Circular No. 4/2022 in which it provides some interpretative guidelines, especially on the sanction framework introduced by the new law, also supported by the note of the Legislative Office of the Ministry of Labour and Social Policy (note prot. 7427 of August 10, 2022). INL reserves the right to further detailthe provision, especially on the most innovative contents, such as disclosure requirements regarding the use of automated decision-making and monitoring systems.

Scope of application

The provisions of Decree 104/2022 are addressed indiscriminately to public and private employers and apply with respect to workers with employment relationships established under different types of contracts, with a few limited exceptions (Art. 1). 

The provisions of the decree, which are in force since August 13, 2022, apply in a differentiated manner with respect to both employees already hired and employmentrelationships yet to be established; the text of Article 16 of the decree reads as follows: “1. The provisions of this decree shall apply to all employment relationships already established as of August 1, 2022,” raising the doubt of the applicable discipline with respect to those workers possibly hired between the date of August 2 and the date of the eve of the entry into force of the decree (i.e., August 12). According to the aforementioned INL circular, in application of the “principles of transparency, contractual solidarity and equal treatment”, those hired within the timeframe betweenAug. 2 and Aug. 12, 2022, may also request the employer and principal to supplementthe information pursuant to Decree 104/2022, to be found within the timeframe below.

For workers already employed as of Aug. 1, 2022 (more correctly, as of Aug. 12), the information obligations imposed by the decree are triggered upon the worker’s written request, in which case the employer must comply within 60 days. Failing this, “the fine referred to in Article 19, paragraph 2, of Legislative Decree No. 276 of September 10, 2003, shall apply.” Since Article 19, paragraph 2 – as replaced by Article 5.4 of the Transparency Decree – provides as sanctionable hypotheses only certainviolations of Articles 1 and 1-bis of Legislative Decree No. 152/1997 (as replaced, the former, and introduced, the latter, by Article 4 of the Transparency Decree) and not alsothe violation of the provisions of Article 16 of the same Transparency Decree, it is believed that the general fine of Article 19.2 from 250 to 1,500 euros for each worker concerned applies to it.

In addition, this transitional provision should have been better coordinated with the similar provision in Article 5.2 of the same Decree No. 152/1997, which currently reads, “2. For employment relationships in progress on the effective date of this Decree, the employee may request, in writing, the information referred to in Articles 1, 2 and 3. The employer shall provide the said information by written notice to be delivered within thirty days from the date of receipt of the request.”

The Italian 
“Do-not-call”
 and marketing 
consent

We will finalize the analysis on the Italian "Do-not-call", focusing on marketing consent following the enrollment in the Register.

Calculation
 of administrative 
fines
 under the 
GDPR
 -4

In this round we will focus on the calculation of the Total Worldwide Annual Turnover (step 4) and the principle of effectiveness, dissuasiveness and proportionality of the fine (step 5).

Data 
Governance
 Act – 3

Let’s resume our analysis of the Data Governance Act Regulation, examining the data intermediation and data altruism services.

Calculation
 of administrative 
fines
 under the 
GDPR
 -3

In this round we will focus on step 3 of the process: the application of mitigating and aggravating factors.