The French national digital security agency (ANSSI) has recently published a “data security kit” to mark the entry into application of the EU General Data Protection Regulation (GDPR) on May 25.
The security of personal data, which preserves its integrity and confidentiality, is one of the main data protection principles set out in Article 5 of the GDPR. In particular, the GDPR requires organizations to ensure a level of security appropriate to the risks by implementing appropriate technical and organizational measures, such as “encryption of personal data” and “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services”.
To help organizations process personal data securely and to improve overall digital security in France, the ANSSI has made available on its website (in French) a practical tool that supplements the guidelines and recommendations of the French data protection supervisory authority (CNIL) on how to implement the GDPR.
The toolkit consists of a series of information sheets, videos, infographics, guides, simulators, training courses and other documents covering many topics, from risk management to best practice in IT hygiene, employee awareness, trusted digital services, etc., organized in 5 main themes:
- Understanding the digital risk
- Employee awareness
- Choosing trusted experts and solutions
- What to do in case of a security incident
As a reminder, the CNIL had already published its own updated security guidelines in February this year (the English version is finally available here). Organizations should therefore take full advantage of these two practical tools to better understand risks (in particular digital risks) and to implement appropriate measures to protect personal data in compliance with the GDPR, in order to avoid any security breach that could result in significant fines and serious reputational damage.