- Do you develop mobile apps? The CNIL guides you in complying with the RGPD
Whether by coincidence or by careful timing, it is on Data Protection Day, this Tuesday, January 28, that the National Commission for Information Technology and Civil Liberties (CNIL) announces the publication of a guide designed specifically for developers, to help them comply with the General Data Protection Regulation (RGPD, known in English as GDPR).
Whether you design applications for iOS and Android or work more on the web side, the guide is meant to be as universal as possible. Are you working alone or in a team? Are you in a small structure or a large organization? Are you the leader of a project or a simple cog in complex machinery? It doesn't matter: the guide remains general enough to address as many people as possible.
Developers need to consider good practices in DPM // Source: Jonathan Cutrer
In all, the guide includes sixteen sheets (such as “identifying personal data”, “making an informed choice of its architecture”, “minimising the data collected”, “informing people” or “measuring the use of websites and applications”), accessible in a dedicated section of the CNIL website. It is also available on GitHub, where modifications can be suggested.
However, be careful not to rely exclusively on this guide: the CNIL warns that it is not “intended to meet all the requirements” in terms of regulations. Rather, it should be seen as a “first approach to the main principles of the RGPD”, a summary of “the various points of attention to be taken into account when deploying applications that respect the privacy of its users”.
The guide contains sixteen practical sheets, which may evolve over time thanks to feedback from computer specialists. // Source: Eric Bailey
The publication of this guide is welcome at a time when applications are being accused of not doing enough to protect mobile users. As an example, the Exodus Privacy association offers an Android application that shows all the trackers embedded in the applications installed on a smartphone, trackers of which the individual is not necessarily aware.
In relatively large structures, however, the guide will only be a support, insofar as other obligations may come into play, in particular for employers, such as the Data Protection Officer or the need to carry out an impact assessment where data processing operations are likely to place individuals at high risk.