On September 12, 2019, the Italian Supervisory Authority (Garante) approved a code of conduct for consumer credit agencies, pursuant to Art. 40 GDPR (see here in Italian).
The Code already existed prior to the GDPR, but it had to be amended to meet the requirements of the GDPR and be approved by the Garante in accordance with the GDPR procedures.
The Code regulates the processing of personal data of individuals located in Italy. It can be adhered to by entities located in Italy that professionally manage credit information systems (e.g., banks, financial intermediaries and other entities offering credit services).