On March 26, 2024, the French data protection authority (the “CNIL”) published the 2024 edition of its Practice Guide for the Security of Personal Data (the “Guide”). The Guide is intended to support organizations in their efforts to implement adequate security measures in compliance with their obligations under Article 32 of the EU General Data Protection Regulation. In particular, the Guide targets DPOs, CISOs, computer scientists and privacy lawyers.
The Guide is divided into the following five parts, each addressing key security themes: 1) users; 2) information technology and equipment; 3) control over data; 4) preparing for an incident; and 5) focus. The five parts are further divided into factsheets that provide a more detailed analysis of the relevant security requirements. The 2024 edition of the Guide includes several modifications and updates. Additionally, this edition integrates new factsheets on: 1) cloud computing; 2) mobile applications; 3) artificial intelligence; 4) application programming interfaces (APIs); and 5) data management security.
Read the Guide and the press release.