Italian Data Protection Authority: audit plan for the first half of 2020

Italian Data Protection Authority approved the audit plan for the first half of 2020 to verify compliance with data protection regulation last February 6. The Authority’s assessment activity will concern the data processing carried out in the most sensitive sectors, such as pharmaceutical and healthcare. Further assessments will also concern the processing of personal data collected by companies for electronic invoicing, marketing activities, and food delivery. Below is a list of areas to further explore.

a) Assessment in the context of:

  • processing of health-related data for companies operating in the pharmaceutical and healthcare sector;
  • processing of personal data for online banking services;
  • processing of personal data for illegal conduct reports (so-called whistleblowing);
  • processing of personal data used by intermediaries for electronic invoicing;
  • processing of personal data managed by public bodies on the issue of registry and civil status certificates;
  • processing of personal data managed by private and public bodies for call center service;
  • processing of personal data used by companies for marketing activities;
  • processing of personal data for loyalty cards;
  • “Food Delivery”;
  • processing of personal data protected by private companies regarding reputational banks;
  • data breach.

b) Assessment for public and private bodies belonging to homogeneous categories.