CNIL: Personal data security guide 2024 now available online

For several years now, the CNIL has been publishing a security guide designed to support professionals in their efforts to protect personal data. The new 2024 edition, now available online, introduces new information sheets on topics such as artificial intelligence, mobile applications and the cloud.

Measures to protect personal data

The guide to personal data security published each year by the CNIL aims to help organizations implement measures to ensure the protection of personal data.

This guide is intended for :

Privacy lawyers may also find it useful.

Aware that the security obligation when processing personal data enshrined in the 1978 law, and subsequently reinforced by the RGPD, can be difficult to implement for professionals who haven't mastered risk management methods, the CNIL, through its guide, reminds us of the basic precautions that must be adopted, as well as the measures that must be taken to further strengthen personal data protection.


What's new for 2024

The 2024 personal data security guide is divided into 5 parts and 25 sheets. 5 new sheets have been added compared to last year. These cover :

  1. information in the cloud,
  2. mobile applications,
  3. artificial intelligence (AI),
  4. application programming interfaces (APIs),
  5. data security management.

In parallel, more classic themes are addressed:

  • users (framework, training, authentication, authorizations),
  • equipment (workstations, mobile computing, computer network, server, website, IT developments, premises, etc.),
  • data management (external exchanges, outsourcing, maintenance, end-of-life of hardware and software),
  • incidents (operations tracing, backup, business continuity and recovery, breach management).

Whatever the topic, the structure of the sheets has not changed. They always start with a presentation of the control authority's recommendation, followed by "Basic precautions", "What not to do " and "Further information".

Clearer and more precise, the guide is an invaluable tool for companies, associations and public authorities, who can refer to it when introducing security measures to protect personal data.

Companies familiar with the guide can consult the updates and specific evolutions that have been made thanks to the CNIL's online modification log. This log lists all the changes, organized by file, that have been made since the previous edition.