DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

FR: CNIL issues new data security guidelines

Posted on February 3, 2018 by Dissent

On January 23, 2018, the French data protection authority (the CNIL) published new guidelines on the security of personal data (updating its previous security guide published in 2010 available in English) , providing practical recommendations in the form of “Do’s and Dont’s” to help businesses implement appropriate measures to protect personal data in compliance with the General Data Protection Regulation (“GDPR”).

Denise Lebeau-Marianna and Caroline Chancé write:

Article 32 of the GDPR requires data controllers and processors to “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk”. Although the GDPR provides some guidance as to the types of measures that may be considered appropriate (i.e., the pseudonymisation and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing), the CNIL acknowledges that such determination may be difficult for businesses that are unfamiliar with the risk management methods in terms of data processing.

The CNIL’s guide (available in French only at the date of this post – an English version will be made available by the CNIL in the near future) is aimed at (i) clarifying the basic precautions to be taken systematically when processing personal data and (ii) helping businesses verify their level of compliance thanks to a tick box evaluation form made available at the end of the guide.

Read more on DLA Piper Privacy Matters.

Related Posts:

  • France: New “Data Security Kit” Published by the ANSSI
  • ROMANIA: Romanian Data Protection Authority issues…
  • WP29 guidelines on personal data breach notification…
  • SPARTOO: sanction of 250,000 euros and injunction…
  • GDPR: potential fines for data security breaches…

Post navigation

← CarePlus notifying 11,200 members of breach involving protected health information
Western Washington Medical Group Notifies 842 Patients of Improper Disposal of Records →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach
  • Russian hackers exploiting Outlook bug to hijack Exchange accounts
  • Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
  • 23andMe data breach: Hackers accessed data of 6.9 million users
  • AlphV claims they have started contacting some of Tipalti’s clients (1)
  • Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
  • What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net