Employers hold a very large quantity of data, some of which are personal under the definition of Italian Personal Data Protection Code. The data do not relate only to employees, but also job applicants, contract workers, casual staff and many others. If data are stored and filed it is likely that the employer process such data, thus bringing their actions within the parameters of the Italian Personal Data Protection Code. Some data may be deemed sensitive under the definition of the Italian Personal Data Protection Code and consequently require a stronger protection.
Normally employers may process the following data:
Personal details; salary; bank account details; email/correspondence about an accident involving a named worker; CV's; applications; employment records; personal records filed in date order and with index's; results of pre-employment vetting.
Employers may also retain information described as "sensitive personal data", for example information concerning trade union activities; sexual life; physical/mental health; racial/ ethnic origins and/ or details of criminal convictions. This information must be treated with special care.
It should be noted that not all information will be deemed personal. For example, general information concerning pay structures and salary information for generic positions and anonymous documents such as details of exit interviews are outside the scope of the Italian Personal Data Protection Code if anonymous and consequentially they do not identify individuals (or cannot be used together with other information available to the data controller to identify the individuals).