France: Adopted CNIL 2024 Edition Personal Data Security Guide

On 26 March 2024, the CNIL issued the 2024 Edition of its Personal Data Security Guide, which outlines basic precautions and measures to strengthen data protection. The guide is addressed to professionals handling personal data and gives practical guidance on how to comply with legal data security requirements. The 2024 edition includes an additional five points, including information on cloud technology, mobile applications, artificial intelligence (AI), application programming interfaces, and additional guidelines about data security. More specifically, cloud technology should be taken into consideration for business risk assessments. CNIL recommends maintaining data maps of data stored in cloud services to identify unnecessary cloud services and only use trustworthy cloud services. Furthermore, the processing of personal data by mobile applications should be minimised by ensuring that each type of collected data is necessary for the application's operation. In order to face challenges posed by AI, businesses should form multidisciplinary development teams and provide training on security best practices and awareness of AI-specific vulnerabilities. Especially training programs with data from unknown sources should be prevented.