R isk management allows to determine the precautions to take “with regard to the nature of the data and the risks of the processing, to preserve the security of the data…” (article 34 Act of 6th January 1978, known as the act on “Information technology, Data files and Civil Liberties” – hereafter referred to as the French Data Protection and Freedoms Act or FDPFA). The 2016/679 European regulation of 27th
April 2016 (known as “General Data Protection Regulation” or GDPR) specifies that protecting personal data requires taking “appropriate technical and organisational measures to ensure a level of security appropriate to the risk” (article 32).
Such an approach allows for objective decision making and the determination of the measures strictly necessary and suitable to the context. It is, however, often difficult, when you are not familiar with these methods, to apply such an approach and to ensure that the required measures have indeed been implemented.
To help you with complying with your legal obligations, this guide lists the basic precautions which should be implemented systematically.
Views: 5