Privacy by Design

What does that mean in practice?

The protection of personal data must be built into the design of the digital service from the outset and by default. The collection, processing, storage, and access to data must comply with the principles of data minimization, security, and purpose limitation.

Compliance with privacy regulations is a responsibility that also affects architectural and functional decisions.

National Regulations

The Personal Data Protection Code (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018) coordinates the application of the General Data Protection Regulation (GDPR) in Italy.


For those who develop digital services, this means collecting only the necessary data, incorporating data protection by design, defining roles and permissions, ensuring traceability, and establishing retention periods consistent with the purposes of the processing.

European legislation

Regulation (EU) 2016/679 establishes general rules on the protection of personal data. Article 25 introduces the principle of data protection by design and by default (Privacy by Design and by Default), requiring data controllers to implement appropriate technical and organizational measures to ensure compliance with the law.

Last update: