The CNIL publishes a GDPR guide for developers
In order to assist web and application developers in making their work GDPR-compliant, the CNIL has drawn up a new guide to best practices under an open source license, which is intended to be enriched by professionals.
Is this guide only for developers?
This guide is mainly aimed at developers working alone or in teams, team leaders and service providers, but also at anyone interested in web or application development.
It provides advice and best practices, and thus gives useful keys to understand the GDPR for every stakeholder, regardless of the size of their structure. It can also stimulate discussions and practices within the organisations and in customer relationships.
What does the guide contain?
The GDPR Developer's Guide provides an introduction to the GDPR’s main principles and the various aspects to take into account when deploying applications that respect the privacy of their users.
It consists of 16 thematic files that cover most of the developers’ needs at each stage of their project, from preparation to audience measurement:
Sheet n°0: Develop in compliance with the GDPR
Sheet n°1: Identify personal data
Sheet n°2: Prepare your development
Sheet n°3: Secure your development environment
Sheet n°4: Manage your source code
Sheet n°5: Make an informed choice of architecture
Sheet n°6: Secure your websites, applications and servers
Sheet n°7: Minimize the data collection
Sheet n°8: Manage user profiles
Sheet n°9: Control your libraries and SDKs
Sheet n°10: Ensure quality of the code and its documentation
Sheet n°11: Test your applications
Sheet n°13: Prepare for the exercise of people’s rights
Sheet n°14: Define a data retention period
Sheet n°15: Take into account the legal basis in the technical implementation
Sheet n°16: Use analytics on your websites and applications
These good practices are not intended to meet all the regulatory requirements, nor to be prescriptive. However, they do offer a starting point for reflection on the GDPR requirements to keep in mind when developing projects.
How can you contribute to this guide?
This guide is available in two versions:
- A web version on the CNIL website and in the “Releases” tab of this repository;
- A GitHub version, which offers the possibility for everyone to contribute to it.
The contribution is made in a few steps:
- Register on the GitHub platform;
- Go to the project page;
- You can:
  - Use the “Issue” tab to open comments or participate in the discussion.
  - Use the “Fork” option to make your own modifications and propose their inclusion via the “Pull Requests” button.
Contributing to the GDPR Developer's Guide
Your contribution proposal will be examined by the CNIL before publication. The web version of the GDPR developer’s guide published on the CNIL website will be regularly updated.
To generate a release from this repository yourself, you can use the Pandoc tool. This tool will allow you to convert the sheets into a docx file or an HTML document.
You can find the instructions to install this tool here
- To generate a .docx file:
pandoc -s --toc --toc-depth=1 -o Guide_RGPD_developper.docx [0-9][0-9]*.md
- To generate an .html file:
pandoc -s --template="templates/mytemplate.html" -H templates/pandoc.css -o index.html README.md [0-9][0-9]*.md