CNIL publishes an update of its PIA Guides

26 February 2018

Alongside an update to the PIA software, the CNIL is publishing a new edition of its PIA guides, together with a specific version applied to the field of connected objects and a case study on a sleep monitor.

CNIL’s PIA method updated and adapted to the GDPR

A PIA (Privacy Impact Assessment, or Data Protection Impact Assessment - DPIA) aims at building and demonstrating compliance with the principles of the General Data Protection Regulation (GDPR). Once the GDPR becomes applicable in May 2018, a PIA will be required where processing is likely to result in a high risk to data subjects. To learn more about the PIA and the associated obligations, please read the DPIA Guidelines.

To assist in this process and take into account all GDPR requirements, the CNIL has updated its “PIA Guides” as well as its PIA tool. The method is consistent with the WP29 Guidelines and with international risk management standards.

CNIL’s PIA method is composed of three guides:

  1. The method explains how to carry out a PIA;
  2. The models help to formalize a PIA by detailing how to handle the different sections introduced in the method;
  3. The knowledge base is a code of practice that lists measures to be used to treat the risks.

The method applied to the field of connected objects

The CNIL also publishes a specific version of its PIA method applied to the field of connected objects (called a PIAF – Privacy Impact Assessment Framework) as well as a case study on a sleep monitor.

The guides, the PIAF on connected objects and the case study are available for download here.

A new version of the PIA software

The software has been updated along with the new edition of the guides. Following feedback from users, we have implemented the improvements described below:

  • the tool is now available in German and Spanish thanks to the translations provided by members of the community. If you wish to propose your own translation, we encourage you to read this tutorial;
  • a user manual has been added to the tool;
  • an attachment history has been added in the PIA validation section;
  • a customization feature has been added when creating the PIA report to be printed;
  • workflow improvements have been made to offer a smoother user experience;
  • various improvements have been made in the interface (field editing, new feedback modalities from the interface, etc.);
  • various software optimizations have been made (partially sighted access standards, language selection, software speed, etc.).

Several bugs have also been fixed:

  • resolving the issue when duplicating a PIA;
  • fixing the sorting feature;
  • fixing the access and entry of the DPO page;
  • resolving the window duplication when exporting a PIA.

The new beta version of the PIA software is available for download on the PIA webpage. The software is released under a free license, so anyone can contribute to it by developing new features and sharing them with the community.

Still in its beta version, the PIA software will be updated in the coming month. We recommend that you consult the help page should you encounter any issue. If you don’t find a relevant answer, you can ask your question on GitHub or send us your comments and suggestions via our contact form.
