France: Opened consultation on draft recommendation regarding security of critical personal data processing activities

On 28 August 2023, the French Data Protection Authority (CNIL) opened its consultation, until 8 October 2023, on a draft recommendation regarding the security of critical personal data processing activities. The CNIL aims to provide guidance and support to professionals in ensuring adequate security for systems involved in such critical processing. The recommendation compiles advanced security practices for processing operations that meet the "critical processing" definition, which applies to large-scale processing carrying the potential for significant consequences from a data breach. The finalised recommendation is expected to be published in early 2024, following input from the consultation process.