Table of Contents Hide
Cybersecurity – websites are concerned
Data security is a significant concern for CNIL, so much so that they have published a guide and checklist.
Already in 2021, we told you that cyber risk is one of the main reasons to accelerate GDPR compliance.
And regarding security, it must be noted that the basics are only sometimes respected. The CNIL has indeed sanctioned several times the absence of elementary measures.
This year, the regulator is focusing on websites. Therefore, the most visited sites are likely to be checked.
Axeptio’s cookie passes customs
The CNIL will focus on the following topics in particular:
- forms for collecting personal data;
- the use of the HTTPS protocol;
- password security;
- strategies implemented to combat ransomware.
Health data, sensitive data par excellence
The GDPR grants a higher level of sensitivity to certain types of personal data. Health data is one of them.
The CNIL has been particularly interested in this for several years.
This is also necessary:
- because hospitals are now one of the privileged targets for hackers;
- because the healthcare sector is digitalizing. However, new technological projects also involve more risks;
- Because, once again, the level of security implemented by public and private actors needs to be improved. The CNIL has, for example, sanctioned doctors for the inadequacy of security measures applied.
Cookies, consent but not only
The CNIL has been interested in cookies for a long time. In the 2010s, it initiated exchanges with the advertising industry to define concrete modalities for managing cookies on its site.
Between periods of moratoriums and text changes, the subject has advanced year by year. In 2020, cookies were already one of the priority themes for CNIL controls.
But now we are entering a new dimension. The CNIL guidelines and recommendations will come into force at the end of March 2021.
- As before, publishers depositing advertising, social, or personalization cookies without the prior consent of users may be sanctioned.
- The National Commission on Informatics and Liberty will also be interested in how you inform your users and solicit their consent.
The CNIL now receives complaints in this area. It will therefore remain vigilant about how publishers manage their trackers.
Securing this topic will require integrating a consent management platform into your website. This is a revolution for those who have only used informative banners. On the other hand, the new guidelines reassure companies that use Axeptio’s module.
Conclusion: The CNIL’s priority topics are your priorities
The CNIL’s annual control programs are an important event to follow. They set the tone for some topics that will most interest the regulator in the year.
However, at Axeptio, we are not trying to scare you or encourage you to play the game of cop and robber.
This annual program is an exciting tool to boost your GDPR compliance approach by accelerating sensitive topics.