According to Appendix No.1 to Requirements for the assurance of  personal data security at their processing within the information  systems of personal data the personal data categories are the following: 

Personal data which directly or indirectly identify a natural person, in particular, by  reference to an identification number (personal code), to one or more specific elements  of his physical, physiological, psychological, economic, cultural or social identity fall  into two categories: common and special. 

Special category of personal data is the information revealing racial or ethnic origin,  political or religious believes, personal data concerning health or sexual life, as well as   data relating to criminal conviction of a physic person.

Common category is the information that reveals: 

1) name and surname; 

2) gender; 

3) date and place of birth; 

4) citizenship; 

5) IDNP; 

6) image; 

7) voice; 

8) family situation; 

9) military situation; 

10) geographic location data/ traffic data; 

11) nickname/alias; 

12) family members’ personal data; 

13) driving license data; 

14) data from matriculation certificate; 

15) economic and financial situation; 

16) data of owned assets; 

17) banking data; 

18) signature; 

19) civil status data; 20) pension file number; 

21) social security number (CPAS); 

22) medical insurance code (CPAM); 

23) phone/fax number; 

24) cell phone number; 

25) address (domicile/residence); 

26) e-mail address; 

27) genetic data; 

28) biometric and anthropometric data; 

29) finger print identification data; 

30) profession and/or work place; 

31) professional occupation - diploma - education; 

32) habits/preferences/behaviors; 

33) physical characteristics. 

In cases of common personal data processing, personal data holders will include in  personal data security policy and will implement the requirements set up for the 1st  security level of personal data information systems - (N-1). 

In cases of special category of personal data processing, personal data holders,  additionally to the set requirements for the 1st security level, will include in security  policy of personal data and will implement requirements established for the 2nd security  level of personal data information systems - (N-2).