The CNIL publishes a GDPR guide for developers

11 June 2020

In order to assist web and application developers in making their work GDPR-compliant, the CNIL has drawn up a new guide to best practices under an open source license, which is intended to be enriched by professionals.

Is this guide only for developers?

This guide is mainly aimed at developers working alone or in teams, team leaders, service providers but also at anyone interested in web or application development.

It provides advice and best practices, and thus gives useful keys to understand the GDPR for every stakeholder, regardless of the size of their structure. It can also stimulate discussions and practices within the organisations and in customer relationships.

What does the guide contain?

The GDPR Developer's Guide provides an introduction to GDPR’s main principles and the various aspects to take into account when deploying applications that respect the privacy of its users.

16 thematic files that cover most of the developers’ needs at each stage of their project, from the preparation to the audience’s measurement:

Sheet n°0: Develop in compliance with the GDPR

Sheet n°1: Identify personal data

Sheet n°2: Prepare your development

Sheet n°3: Secure your development environment

Sheet n°4: Manage your source code

Sheet n°5: Make an informed choice of architecture

Sheet n°6: Secure your websites, applications and servers

Sheet n°7: Minimize the data collection

Sheet n°8: Manage user profiles

Sheet n°09: Control your libraries and SDKs

Sheet n°10: Ensure quality of the code and its documentation

Sheet n°11: Test your applications

Sheet n°12: Inform users

Sheet n°13: Prepare for the exercise of people’s rights

Sheet n°14: Define a data retention period

Sheet n°15: Take into account the legal basis in the technical implementation

Sheet n°16: Use analytics on your websites and applications

These good practices are not intended to meet all the regulatory requirements nor to be prescriptive. However, they do provide a reflection on the GDPR requirements to be kept in mind when developing projects.

How can you contribute to this guide?

This guide is available in two versions:

The contribution is made in a few steps:

  • Register on the Github platform;
  • Go to the project page;
  • You can:
    • Use the “Issue” tab to open comments or participate in the discussion.
    • Use the “Fork” option to make your own modifications and propose their inclusion via the “Pull Requests” button.

Contributing to the GDPR Developer's Guide

Your contribution proposal will be examined by the CNIL before publication. The web version of the GDPR developer’s guide published on the CNIL website will be regularly updated.


To release this repository yourself, you can use the Pandoc tool. This tool will allow you to convert the records into a docx file or an HTML document.

You can find the instructions to install this tool here

  • To generate a .docx file :

pandoc -s --toc --toc-depth=1 -o Guide_RGPD_developper.docx [0-9][0-9]*.md

  • To generate an .html file :

pandoc -s --template="templates/mytemplate.html" -H templates/pandoc.css -o index.html [0-9][0-9]*.md



Texte reference

GDPR developers guide