Keep Personal Data Safe: CNIL's Comprehensive Guide to Securing Sensitive Information in the Digital Age

The new version of the CNIL's practice guide for the security of personal data has been released to provide guidance and reminders for businesses and organizations on how to protect personal data in light of the GDPR. This updated guide includes new factsheets covering topics such as artificial intelligence, mobile applications, cloud computing, and application programming interfaces (APIs).

The guide emphasizes the importance of the security obligation that has been in place since 1978, with the aim of reinforcing data protection under the GDPR. However, it acknowledges that implementing these measures may be challenging, especially for those unfamiliar with risk management methods. The practice guide aims to make this process easier by providing clear guidelines and practical advice.Through the various factsheets, the guide outlines both basic precautions and more advanced security measures that can be taken to protect personal data. These include things like implementing strong passwords, encrypting sensitive information, and regularly backing up data. It also covers more technical measures such as firewalls, intrusion detection systems, and access control.

The 2020 edition of the guide has been updated with new information and improvements to keep up with evolving threats and developments in technology and knowledge. It is primarily intended for data protection officers, chief information security officers, computer scientists, and legal experts who are responsible for data security in their organizations. However, it can also be used by the CNIL to assess the security of personal data processing.In summary, the CNIL's practice guide for the security of personal data provides a comprehensive resource for businesses and organizations to ensure they are taking the necessary steps to protect personal data and comply with the GDPR. By following the guidelines outlined in this guide, organizations can strengthen their data protection practices and minimize the risk of data breaches.