RGPD: What is the CNIL waiting for each of us?

I draw your attention to an article from the CNIL website

I draw your attention to an article from the CNIL website

It focuses on the security of personal data and what this organization expects from each of us.

The security of personal data is an essential part of compliance with the Data Protection Act. Obligations are reinforced with the General Data Protection Regulation (GDPR). This guide recalls the basic precautions to be implemented systematically.

Article 32 of the European regulation states that "the controller and the processor shall implement the appropriate technical and organizational measures to ensure a level of safety appropriate to the risk".

However, it is sometimes difficult, when one is not familiar with risk management methods, to implement such an approach and to ensure that the minimum has been done.

To help professionals in their compliance, the CNIL publishes a guide reminding the basic precautions to be implemented in a systematic way.


GDPR Guide: Risk Management,

It consists of the following four steps:

  1. Identify the processing of personal data, processed data (eg customer files, contracts) and the media on which they are based.

  2. To appreciate the risks generated by each treatment:

    • By identifying the potential impacts on the rights and freedoms of the people concerned, the sources of risk (who or what could be the source of each feared event?) And the feasible threats (what could allow each event dreaded happen?).

    • By determining the existing or planned measures that address each risk (eg access control, backups, traceability, security of premises, encryption, anonymisation)

    • Lastly, by estimating the gravity and likelihood of the risks, with regard to the preceding elements (example of scale usable for the estimation: negligible, moderate, important, maximum).

  3. Implement and verify the planned measures.

  4. Have periodic safety audits performed.

These 4 points which are explained to us summarily are only there to indicate to us the extent of the work that there is to realize within each society and the importance of the general awareness that each one of us must have that in to data protection.


Various articles on the GDPR that could interest you ...