In the course of their activities, religious congregations are likely to collect and process personal data regarding their members, employees and faithful or third parties. This activity could be subject to Italian law.
The Italian Privacy Code sets forth the rules and requirements regarding the processing of personal data, sets sanctions for violations of such rules and provides for different regulations depending on the type of data processed.
In case of sensitive data (i.e., data pertaining to, e.g., racial or ethnic origin, political opinions, membership in parties, trade unions, associations, health etc.), the written consent of the data subject and the prior authorization by the Data Protection Authority are required.
The Italian Civil Code provides for certain exceptions in case of Religious Congregations having legal personality in Italy (i.e., civilly recognized ecclesiastical entities):
Civilly recognized ecclesiastical entities which meet both of the following requirements are not subject to the Italian Privacy Code:
sensitive data are processed solely for institutional religious and worship-related purposes (worship and care of souls, education of the clergy and the religious, missionary purposes, catechesis, Christian education) or for exclusively religious purposes;
such data are not disclosed or communicated to third parties.
With regards to the data processed for their institutional religious and worship-related purposes which are not disclosed to third parties, civilly recognized ecclesiastical entities are subject to the General decree of the Italian Episcopal Conference of October 20, 1999 (an Italian version of the decree may be found here).
Civilly recognized ecclesiastical entities are subject to the Italian Privacy Code in the following cases:
when they process sensitive data for purposes other than religious or worship-related: assistance and charity, schooling, education and culture and, in any case, in case of commercial or for-profit activities;
when the sensitive data processed for religious and worship-related purposes are disclosed or communicated to third parties.
We periodically send articles and communications of interest to Religious Congregations. Furthermore, we invite our members to all the free events we organize.
Articles that delve into topics of interest to Religious Congregations, written by our experts.
Training for members and lay employees/collaborators who process personal data is not just a bureaucratic issue The European Privacy Regulation No. 679/2016 (GDPR), as well as the General Decree of...
Read moreReligious Congregations are rethinking the management of their administrative burdens in a way that allows them to focus on their particular charisma and mission *** Provinces, houses and institutes...
Read moreIs your entity a Data Controller, a Joint Controller or a Data Processor? Why does this question matter to Religious Institutes? In summary, a “Controller” is an entity that, alone or ...
Read moreVia Valadier 44 00193 Roma • info@dikaios.international
All rights reserved © Copyright 2017