Morocco: Adopted CNDP guidance for data controllers on best practices for protecting personal information in the digital space, including encryption recommendation for sensitive data stored on cloud server

On 1 February 2023, the National Commission for the Protection of Personal Data (CNDP) issued guidance for data controllers on best practices for protecting personal information in the digital space. The guidance provides recommendations, including the use of updated antivirus software, secure Wi-Fi configurations, and the periodic changing of passwords. It emphasises secure data management practices such as deleting access credentials of former employees, encrypting sensitive data stored on cloud servers, and concluding contracts with data protection clauses for cloud service providers. The guidance also highlights the importance of privacy education, cautious sharing of personal data, and awareness of potential legal implications, such as defamation and unauthorised access to information systems.