The French data protection authority, the CNIL, recently published a translated version of its two new guides “Advanced security and Privacy risk management”.
These guides consist of:
- A methodology for managing the risks that can affect individuals;
- A catalogue of measures and best practices to treat the risks identified with the methodology.
These documents are primarily intended for use by controllers, data protection officers (DPO) and chief information security officers (CISO). They help them build a rational understanding of the risks arising from the processing of personal data and choose the necessary and sufficient organizational and technical measures to protect privacy.
The two guides are available on the CNIL’s website: http://www.cnil.fr/english/