Published 21/08/2018, updated 21/10/2020 at 13:57
Personal data protection: an AFNOR handbook to the essential standards
Since 25 May 2018, personal data protection has been governed by the GDPR. Voluntary standards are very useful in this field, as this new AFNOR handbook demonstrates.
At the end of 2016, the loss of personal data from 500 million Yahoo user accounts hit the headlines. Organizations all over the world must be more vigilant than ever before regarding the protection of this data. Computer viruses, data loss or theft, bugs… Customers’ personal information can quickly fall into the hands of hackers prowling the web.
Faced with the rise in infringements, the European Commission decided to introduce more stringent regulations. The new General Data Protection Regulation (GDPR) came into force on 25 May 2018. Its aim was to strengthen the rights of data subjects, to make the actors that process data act responsibly and to bolster the credibility of the regulation. Organizations that breach the new regulation will face fines of up to 4% of their annual worldwide turnover.
Organizations will have to take the steps required to protect the confidential nature of the data they collect in order to avoid these sanctions. And this is where voluntary standards step in. These reference solutions, developed on a consensual basis, guide organizations in their actions and define criteria that are common to all parties. In terms of IT security, they provide rock-solid protection, because they are written, under the aegis of AFNOR, by the people who are faced with this question day after day. If you want to do something right, you’ve got to do it yourself!
The essential free handbook to voluntary standards and personal data
AFNOR is publishing the first useful handbook to the voluntary standards that are essential to personal data protection. It provides actors in IT with an at-a-glance overview of the voluntary standards that meet their needs and that they are encouraged to procure. Cryptography, anonymization, etc. There are many ways to protect confidential data. But which is the right one for me? And what about implementation in the field? Voluntary standards to help organizations of all sizes have already been published or are being prepared: ISO/IEC 29191 for cryptography techniques, ISO/IEC 29134 for the guidelines for privacy impact assessment, etc.
“In the realm of the protection of privacy, voluntary standards are very useful to make sure that everyone understands and takes the appropriate actions,” claims Matthieu Grall, Head of the Technological Experts department at the French data protection authority (CNIL), a member of the AFNOR Standardization Working Group that produced the handbook. “Unfortunately, they are too recent to be well known, and are all too often mistaken for the legally binding regulatory standards, or laws. We asked ourselves about the ‘business’ needs and the needs of companies. Instead of simply listing the voluntary standards that are useful to protect personal data, we drew up a list of the chapters that address the problems facing professionals and users,” continues Matthieu Grall.
How do you conduct a privacy impact assessment? What are the common and generic codes of conduct for the protection of privacy? The handbook contains a close-up on six categories of voluntary standards. “In the future, these standards will become essential in order to set up an IT security management system offering a framework for progress that must cover personal data protection in particular,” concludes Matthieu Grall. Staying ahead of the game and compliant with the regulations: two good reasons to download this new handbook!