On March 26th, the CNIL updated its Personal Data Security Guide, thereby completing the basic precautions to be put in place for IT security. In a context where cyber threats are significantly increasing, this 2024 edition is an essential tool for companies to effectively enhance their IT security.

Lerins breaks down the key points of this update for you:

  • Specific Confidentiality: A proposed specific confidentiality/non-disclosure undertaking for individuals who handle personal data (Sheet 2)
  • Awareness ++: Practical recommendations for training and raising awareness among your teams on data security and IT tools (Sheet 3)
  • Reinforced Authentication: Introduction of multi-factor authentication for external access and stricter password complexity requirements for administrators (Sheet 4)
  • BYOD: New guidelines to secure the use of personal equipment at work (Sheet 7)
  • Subcontracting: Strengthened contractual obligations for processors to implement log monitoring and to notify the controller of any security anomaly or incident as quickly as possible (Sheet 16)
  • Incident Management: Clear instructions for fast response to data breaches, without waiting for external detection (Sheet 19)
  • Sector Focus: 5 new sheets providing specific advice for areas such as the Cloud, mobile applications, AI, and APIs (Sheets 22 to 25)

Why is this important?

By adapting your IT security strategy to these guidelines, you not only strengthen your defense against cyberattacks but also work toward compliance with current standards, which is crucial for the trust of your clients and partners.

Protect your data, safeguard operational continuity.