Abstract

The essay addresses the issue of the prohibition of bis in idem through the prism of the rules on the protection of personal data. The point of observation is particularly fruitful because it allows, first of all, to illuminate the principle of ne bis in idem in its various declinations (substantial and procedural) and dimensions (national and supranational). The central part of the essay is dedicated to the choices made by the new General Data Protection Regulation (GDPR) with particular reference to the remedial and sanctioning apparatus. With reference to the sanctions, the essay analyzes the administrative ones identified, with a uniform aim, by the European legislator, as well as the spaces of differentiations that the GDPR allows the Member States for the definition of further sanctions also of a penal nature, with the relative limits. The final part of the essay is dedicated to the choices made by the Italian Legislator as well as to a brief comparison with the choices made by other Member States of the European Union.