On January 28, the CNIL published a practical GDPR guide for developers. It contains 16 fact sheets to help move towards applications and websites that "respect the privacy of users".
Whether by coincidence or carefully calculated timing, it was on Data Protection Day, this Tuesday, January 28, that the National Commission on Informatics and Liberty (CNIL) announced the publication of a guide specially designed to help developers comply with the General Data Protection Regulation (GDPR).
Whether you design apps for iOS and Android or work on the web, the guide is meant to be as inclusive as possible. Do you work alone or as a team? Are you in a small structure or a large organization? Are you a project leader or a simple cog in a complex machine? It does not matter: the guide is general enough to reach as many people as possible.
SIXTEEN TEACHING SHEETS
In all, the guide includes 16 sheets (such as "identifying personal data", "making an informed choice of its architecture", "minimizing the data collected", "informing people" or "measuring the use of websites and applications"), accessible in a dedicated section of the CNIL website. It is also available on GitHub, where changes can be suggested.
However, be careful not to rely exclusively on this guide: the CNIL warns that it is not "intended to meet all regulatory requirements". Rather, it should be seen as a "first approach to the main principles of the GDPR", a summary of "the various points of attention to be taken into account in the deployment of applications that respect the privacy of its users".
A GUIDE AS A BASIS FOR WORK
The publication of this guide is welcome at a time when applications are accused of not doing enough to protect mobile users. For example, the association Exodus Privacy offers an Android application that shows all the trackers embedded in the applications installed on a smartphone, of which the individual is not necessarily aware.
In relatively large structures, however, the guide will only be a supporting resource, insofar as other obligations may apply, in particular to employers, such as a data protection officer or the need to conduct an impact assessment when computer processing is likely to pose a high risk to individuals.