Is whitelisting a class be sufficient to use the datatypes such as Date?
How we can say that a particular class needs to be serialized?
Corda doesn't allow all class to be deserialized by default because there are known exploits and vulnerabilities around it. Hence, Corda only allows whitelisted classes to be deserialized. Classes can be simply whitelisted using @CordaSerializable
annotation on top of your class.
By Default, Corda has whitelisted some classes for you check here. If the class you want to whitelist is not present here then you'll have to whitelist it yourself.