Big Cover - 2020-11-19T092823.686 (1)

Judicial data and privacy: how to behave in a corporate environment?

With the entry into force of the GDPR, the methods of acquiring and processing judicial data of employees, contractors and suppliers have changed

Technology Advisory

Multi-cloud, Cybersecurity, Governance and Compliance for our Clients’ business

Find out more

Often, when a new employee is taken on, companies run a criminal record check on the candidate. 

While prior legislation allowed obtaining judicial data on a candidate in a wide range of cases, and in line with the anticorruption standard ISO 37001:2016, today this matter has changed significantly, with major consequences for organizations needing to process judicial data.  

Processing of judicial data: the old regulations

Previous Italian legislation on processing of judicial data was composed of various sources (article 27 of the Italian data protection code, Authorization 7/2016 of the “Garante” or Italian data protection agency, applicable collective national work contracts - CCNL), which have now been largely repealed.

Essentially, it was possible to request judicial data from employees and candidates in a wide range of cases, for example also where this was permitted by national collective work contracts.


ISO 27001: how to implement an Information Security Management System

Big Cover (68) (1) Go

Judicial Data and the GDPR

Today, article 10 of the GDPR requires that data subjects’ judicial data be processed only if this occurs under the control of the public authority or if the processing is authorized under EU or member state law.  
To simplify, the GDPR refers regulation of this manner to any specific discipline (European or national).            
The arrival of the GDPR led to, in Italy, the repeal of the existing regulatory system governing the processing of judicial data (art. 27 of the Italian data protection code, Authorization 7/2016, “CCNL” collective national labor contracts).

The main consequence of this is that today in Italy, only a law or equivalent act is able to establish when and how it is possible to process the judicial data of data subjects.

In Italy, there is currently no general regulation specifically regulating this matter which defines with which limits the CCNLs can intervene: the consequence is that companies needing to process judicial data are faced with a fragmented regulatory structure which is difficult to interpret and leads to the risk of having to pay fines and compensation.

What to do, then, in the face of such a legal lacuna?

Contact a consultant and find out about best practice

Contact a consultant

We invite you to read the marketing policy disclaimer.

Please enter a value
Please enter a value
Please enter a valid email address
Please enter a valid phone number
Please enter a value
Please enter a value
Please enter a value

By clicking the "Confirm" button, I declare that I have read and understood the Marketing Disclaimer

I agree to receive commercial and promotional communications relating to services and products as well as information messages relating to marketing activities, as explained in the aforementioned Disclaimer

Please select an option

An error has occurred, please try again later

Thank you for your interest!
We have received your contact request; we will be in touch shortly to further discuss your business requirements.

Case history


Vision & Trends sulla Digital Transformation