Verifile
April 4 2018

CNIL's new personal information security guidelines for French organisations

The French data protection authority has published new guidelines on the security of personal data, with practical recommendations to help businesses implement appropriate measures to protect personal data in compliance with the GDPR.

Although the GDPR provides some guidance, CNIL (Commission Nationale de l'Informatique et des Libertés, an independent French administrative regulatory body whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data) acknowledges that determining which measures are appropriate may be difficult for businesses that are unfamiliar with risk management methods for data processing.

CNIL's recommendations are organized in 17 themes. They advise organizations on how to comply with and document their security obligations, and they also serve as a practical tool for conducting privacy impact assessments.