26 July 2021
Relationship Between EU Regulation 679/2016 (GDPR) And Legislative Decree 231 Of 2001

Regulation (EU) 679/16 (GDPR) and Legislative Decree 231/01 are similar in approach in many respects. Although the two models cannot overlap, they must therefore communicate with each other, not least to improve how closely they reflect the reality in which they operate.

The GDPR is the legislation that has governed the protection of personal data since 2018, the year it became applicable. Its fundamental principles are the accountability of the Data Controller, privacy by design and by default, the assessment of the risks associated with data processing, and the consequent implementation of technical and organizational measures to minimize those risks. Legislative Decree 231/2001 - Regulations governing the administrative liability of legal entities, companies and associations, including those without legal personality - introduced into the Italian legal system a form of administrative liability that depends on the commission of certain offences by companies.

In general, a first point of contact between the two regulations is that both are based on the analysis of internal processes, on the definition of an organizational model that represents those processes, and on the analysis of the related risks.

Marazzi & Associati is pleased to share, as an attachment, an article published on the Mondaq platform - written by Nicolò Ghibellini, senior associate of M&A - which specifically identifies the points of contact between the two disciplines. For further information, please contact Alessia Marsegaglia at

Relationship Between GDPR And Legislative Decree 231