{"id":7670,"date":"2024-04-08T14:19:48","date_gmt":"2024-04-08T12:19:48","guid":{"rendered":"https:\/\/lerins.com\/?p=7670"},"modified":"2025-04-23T17:22:00","modified_gmt":"2025-04-23T15:22:00","slug":"new-cnil-personal-data-security-guide-update-what-you-need-to-know-2-2","status":"publish","type":"post","link":"https:\/\/lerins.com\/en\/new-cnil-personal-data-security-guide-update-what-you-need-to-know-2-2\/","title":{"rendered":"Flash News |\u00a0CNIL Personal data security guide update: What you need to know 2\/2"},"content":{"rendered":"<p><strong>Update of the CNIL Guide to Personal Data Security &#8211; What you need to know 2\/2 &#8211;\u00a05 new sheets on the Cloud, mobile apps, AI, and APIs<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Lerins offers you a summary of the <em>do\u2019s<\/em> and <em>don\u2019ts<\/em>:<\/p>\n<p>&nbsp;<\/p>\n<p style=\"font-weight: 400;\">1. CLOUD &#8211; Sheet 22<\/p>\n<p><strong>To Do:<\/strong><\/p>\n<ul>\n<li>Establish a precise mapping of the data and processing carried out in the cloud, alongside an inventory of the cloud services in use.<\/li>\n<\/ul>\n<p><strong>To Avoid:<\/strong><\/p>\n<ul>\n<li>Transferring data to the cloud en masse without first sorting out sensitive information.<\/li>\n<li>Neglecting your own share of responsibility for data security on the assumption that the cloud provider is solely accountable.<\/li>\n<li>Performing backups in the same datacenter where the original data is stored.<\/li>\n<li>Allowing cloud providers unrestricted access to your data.<\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong>\u00a0<\/strong><\/p>\n<p style=\"font-weight: 400;\">2. 
MOBILE APPS &#8211; Sheet 23<\/p>\n<p><strong>To Do:\u00a0<\/strong><\/p>\n<ul>\n<li>Utilize dedicated APIs to encapsulate cryptographic secrets directly in the phone&#8217;s hardware, like Hardware Keystore for Android or Secure Enclave for Apple.<\/li>\n<\/ul>\n<p><strong>To Avoid:\u00a0<\/strong><\/p>\n<ul>\n<li>Failing to precisely define and formalize the security objectives and technical measures to adopt when contracting with a developer.<\/li>\n<li>Allowing subcontractors to add third-party code elements to your application without ensuring they adhere to the strictest security standards.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p style=\"font-weight: 400;\">3. ARTIFICIAL INTELLIGENCE &#8211; Sheet 24<\/p>\n<p><b>Do:<\/b><\/p>\n<ul>\n<li>Develop a comprehensive file for developers and users, detailing the design, operation, and equipment needed to operate the AI.<\/li>\n<li>\n<div><span lang=\"EN-US\">Establish a mandatory process for the development and incorporation of content into AI systems to ensure the quality and relevance of the information processed.<\/span><\/div>\n<\/li>\n<li><span lang=\"EN-US\"><span lang=\"EN-US\">Plan and conduct regular audits covering software, hardware, and organizational aspects, including <\/span><\/span>human monitoring of AI processes to maintain system integrity and safety.<\/li>\n<\/ul>\n<p><strong>Don&#8217;t:<\/strong><\/p>\n<ul>\n<li>\n<div><span lang=\"EN-US\">Train AI models on unreliable or unverified data.<\/span><\/div>\n<\/li>\n<li>\n<div><span lang=\"EN-US\">Forget to verify output data to ensure the absence of personal data or errors.<\/span><\/div>\n<\/li>\n<li>\n<div><span lang=\"EN-US\">Operate AI systems without thorough knowledge of their capabilities and limits, or without assessing the potential implications of errors or biases.<\/span><\/div>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p style=\"font-weight: 400;\">4. 
APIs &#8211; Sheet 25<\/p>\n<p><strong>Do:\u00a0<\/strong><\/p>\n<ul>\n<li>\n<div><span lang=\"EN-US\">Clarify the roles and responsibilities of each actor involved in the use of APIs to properly define access rights to APIs and data.<\/span><\/div>\n<\/li>\n<li>\n<div><span lang=\"EN-US\">Implement a tracking system for exchanges conducted via APIs. Use tracing tools to identify inappropriate use and act on it quickly.<\/span><\/div>\n<\/li>\n<li>\n<div><span lang=\"EN-US\">Keep detailed documentation up to date, including the format of requests and the structure of exchanged data.<\/span><\/div>\n<\/li>\n<\/ul>\n<p><strong>Don&#8217;t:<\/strong><\/p>\n<ul>\n<li>Retain old versions of your APIs that may contain uncorrected vulnerabilities.<\/li>\n<li>Overlook the security of access keys to APIs.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p style=\"font-weight: 400;\">By adopting these practices and avoiding these pitfalls, you will optimize your data security. Protect your data and safeguard the continuity of your operations.<\/p>\n<p style=\"font-weight: 400;\">Need more advice? Contact our IT Partner, Mathilde Croze.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update of the CNIL Guide to Personal Data Security &#8211; What you need to know 2\/2 &#8211;\u00a05 new sheets on the Cloud, mobile apps, AI, and APIs &nbsp; Lerins offers you a summary of the do\u2019s and don\u2019ts: &nbsp; 1. 
CLOUD &#8211; Sheet 22 To Do: Establish a precise mapping of data and processes conducted [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":9096,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[83],"tags":[67,68],"class_list":["post-7670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-flash-news-2","tag-mathilde-croze-en","tag-tech-data"],"acf":[],"_links":{"self":[{"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/posts\/7670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/comments?post=7670"}],"version-history":[{"count":0,"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/posts\/7670\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/media\/9096"}],"wp:attachment":[{"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/media?parent=7670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/categories?post=7670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lerins.com\/en\/wp-json\/wp\/v2\/tags?post=7670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}