Italy

All things considered above, it is also important understanding how the Italian System defines data processing and then what can happen in case of judiciary case for missing cybersecurity’s measures.
The Legislative Decree No. 101/2018, definitely published on 4th of September 2018 on the Italian Official Journal (of the Italian Republic) doesn’t repeal the Decree No. 196/2003 (Italian Privacy Code), which means that it is still in force regarding some basics connected with liability and Civil Procedure Code.
According to the Civil Procedure Code and the Decree No. 196/2003, in the Italian Jurisdiction there is an Action before the civil judicial authorities. In fact, an injured party can bring an action before the civil courts to claim damages.
Otherwise with regard to the GDPR data processing is considered to be a "dangerous activity" subject to Article 2050 of the Italian Civil Code. This provision is generally significant, but especially in this case because it reverses the burden of proof and provides that the injured party has the right to be indemnified by the entity that carried out the data processing if that entity is not able to demonstrate that it took all the necessary measures to avoid the damage.