Legislative Decree no. 196 of 30 June 2003

Main definitions


Processing shall mean any operation, or set of operations, carried out with or without the help of electronic or automated means, concerning the collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, dissemination, erasure and destruction of data, whether the latter are contained or not in a data bank.

Personal data

Personal data shall mean any information relating to natural persons that are or can be identified, even indirectly, by reference to any other information including a personal identification number.

Identification data

Identification data shall mean personal data allowing a data subject to be identified directly.

Sensitive data

Sensitive data shall mean personal data allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life.

Anonymous data

Anonymous data shall mean any data that either in origin or on account of its having been processed cannot be associated with any identified or identifiable data subject.

Data controller

Data controller shall mean any natural or legal person, public administration, body, association or other entity that is competent, also jointly with another data controller, to determine purposes and methods of the processing of personal data and the relevant means, including security matters.

Data processor

Data processor’ shall mean any natural or legal person, public administration, body, association or other agency that processes personal data on the controller’s behalf;.

Persons in charge of the processing

Persons in charge of the processing shall mean the natural persons that have been authorised by the data controller or processor to carry out processing operations.

Data subject

Data subject shall mean any natural person that is the subject of the personal data.


Communication’ shall mean disclosing personal data to one or more identified entities other than the data subject, the data controller’s representative in the State’s territory, the data processor and persons in charge of the processing in any form whatsoever, including by making available or interrogating such data;.


Dissemination shall mean disclosing personal data to unidentified entities, in any form whatsoever, including by making available or interrogating such data.

Data bank

Data bank shall mean any organised set of personal data, divided into one or more units located in one or more places.


Garante shall mean the authority referred to in Section 153 as set up under Act no. 675 of 31 December 1996.

Minimum measures

Minimum measures shall mean the technical, informational, organizational, logistics and procedural security measures affording the minimum level of protection which is required by having regard to the risks mentioned in Section 31 of the Legislative Decree no. 196 of 30 June 2003.

Electronic means

Electronic means shall mean computers, computer software and any electronic and/or automated device used for performing the processing.

Computerised authentication

Computerised authentication shall mean a set of electronic tools and procedures to verify identity also indirectly.

Authentication credentials

Authentication credentials shall mean the data and devices in the possession of a person, whether known by or uniquely related to the latter, that are used for computer authentication.


Password shall mean the component of an authentication credential associated with and known to a person, consisting of a sequence of characters or other data in electronic format.

Authorisation profile

Authorisation profile shall mean the information uniquely associated with a person that allows determining the data that may be accessed by said person as well as the processing operations said person may perform.

Authorisation system

Authorisation system” shall mean the tools and procedures enabling access to the data and the relevant processing mechanisms as a function of the requesting party’s authorisation profile.

Electronic mail

Electronic mail shall mean any text, voice, sound or image message sent over a public communications network, which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.

Public communications network

Public communications network shall mean an electronic communications network used wholly or mainly for the provision of publicly available electronic communications services which support the transfer of information between network termination points.

Last Updated on Wednesday, 10 December 2014 11:14