Repository Details

The CNIL publishes a GDPR guide for developers

GDPR Developer Guide

In order to assist web and application developers in making their work GDPR-compliant, the CNIL has drawn up a new guide to best practices under an open source license, which is intended to be enriched by professionals.

This guide is published under the GPLv3 license and under the Open License 2.0 (explicitly compatible with CC-BY 4.0 FR). You can freely contribute to its drafting.

The French version is the authentic version of this guide. An Italian version of this guide is also available in pdf and for contributions.

Is this guide for developers only?

This guide is mainly aimed at developers working alone or in teams, team leaders, service providers but also at anyone interested in web or application development.

It provides advice and best practices, and thus gives useful keys to understand the GDPR for every stakeholder, regardless of the size of their structure. It can also stimulate discussions and practices within the organisations and in customer relationships.

What does the guide contain?

This guide is divided into 16 thematic sheets which cover most of the needs of developers at each stage of their project, from the preparation of the development to the use of analytics.

The General Data Protection Regulation (or GDPR) specifies that the protection of the rights and freedoms of natural persons requires that "appropriate technical and organisational measures be taken to ensure that the requirements of this Regulation are met" (Recital 78).

The determination of these measures is necessarily related to the context of the processing operations put in place, and the controller (the public or private entity processing personal data) must therefore ensure the security of the data it is called upon to process.

The good practices in this guide are therefore not intended to cover all the requirements of the regulations, nor to be prescriptive. They provide a first level of measures for taking privacy protection issues into account in IT developments, and are intended to be applied to all data processing projects. Depending on the nature of the processing carried out, additional measures will in certain cases have to be implemented in order to fully comply with the regulations.

Table of contents

  1. Develop in compliance with the GDPR

  2. Identify personal data

  3. Prepare your development

  4. Securing your development environment

  5. Manage your source code

  6. Make an informed choice of architecture

  7. Securing your websites, applications and servers

  8. Minimize data collection

  9. Manage user profiles

  10. Control your libraries and SDKs

  11. Ensure the quality of the code and its documentation

  12. Test your applications

  13. Inform users

  14. Prepare to exercise people's rights

  15. Define a data retention period

  16. Take into account the legal basis in the technical implementation

  17. Use analytics on your websites and applications

How can I contribute to this guide?

This guide is available in two versions:

The contribution is done in a few steps:

  • Register on Github;
  • Go to the project page;
  • You can:
    • Use the "Issue" tab to open comments or participate in the discussion
    • Use the "Fork" option to make your own modifications and propose their inclusion via the "Pull Requests" button.

Your contribution proposal will be examined by the CNIL before publication. The web version of the GDPR developer's guide will be regularly updated.

Usage

To build the guide from this repository yourself, you can use the Pandoc tool. This tool will allow you to convert the sheets into a docx file or an HTML document.

You can find the instructions to install this tool here

  • To generate a .docx file:
        pandoc -s --toc --toc-depth=1 -o GDPR_developer_guide.docx [0-9][0-9]*.md
  • To generate an .html file:
        pandoc -s --template="templates/mytemplate.html" -H templates/pandoc.css -o index.html README.md [0-9][0-9]*.md

More Repositories

  1. Guide-RGPD-du-developpeur (HTML, 1,065 stars)
     The CNIL publishes a GDPR guide for developers

  2. pia (TypeScript, 263 stars)
     Front office of the PIA application to be deployed on a server in order to access it through a web browser.

  3. CookieViz (CSS, 184 stars)
     CookieViz is a visualisation tool that lets you measure the impact of cookies during your own browsing.

  4. pia-back (Ruby, 156 stars)
     Program developed with RubyOnRails providing a RESTful API for the PIA and PIA-APP applications.

  5. pia-app (JavaScript, 53 stars)
     Executable to launch the PIA application on your computer. It is a stand-alone version of the PIA application.

  6. Cookie-consent_Google-Analytics (JavaScript, 42 stars)
     Code to bring Google Analytics into compliance with French cookie legislation. Note, however, that this version of the code only works with older versions of Google Analytics.

  7. SigGroup (HTML, 18 stars)
     Group signature demonstrator

  8. dereferencement (JavaScript, 15 stars)
     This extension lets you determine whether or not a link appears among a search engine's results when your name is entered.

  9. RGPD (Python, 15 stars)
     Dataviz of the General Data Protection Regulation

  10. loutre (Rust, 12 stars)
     LOgiciel Unique de TRaitement des Empreintes (single software for fingerprint processing)

  11. Recommandations-pour-le-teletravail (HTML, 11 stars)
     CNIL recommendations for teleworking

  12. Phrase2passe (JavaScript, 11 stars)
     Implementation of an algorithm for generating a strong password from a passphrase.

  13. Hally-L-oracle-du-net (JavaScript, 10 stars)
     This extension lets you demystify the magic of algorithms and understand how the social networks and search engines you visit every day work. Install it and let the Oracle show you what Facebook does with your likes, Twitter with your retweets and Google with your queries.

  14. mon_assistant_cnil (Java, 9 stars)
     LINC has developed a voice assistant that works exclusively locally, without an internet connection.

  15. CNIL-Cookies-List (JavaScript, 5 stars)
     Cookies List is a Firefox extension that lists the cookies stored in the browser.

  16. Cabanon (JavaScript, 5 stars)
     CabAnon aims to evaluate the performance of different anonymisation techniques in the form of interactive data visualisations. They assess the "cost" of these techniques in terms of the potential for using anonymised datasets.

  17. Ads.txt-et-Sellers.json (JavaScript, 3 stars)
     Source code of the two studies on Ads.txt and Sellers.json, along with the tools used.

  18. scripts-vm-cel (Shell, 3 stars)
     Scripts for generating the reference virtual machine for online inspections

  19. cookieviz-extension (JavaScript, 2 stars)
     Measures the impact of cookies on your browser

  20. encryption_infographics (2 stars)
     You can translate this infographic about "encryption" into your language

  21. pia-i18n (TypeScript, 1 star)
     Repository for grouping and specifically managing the translations made for the pia tool

  22. obs-cookies (JavaScript, 1 star)
     Source code and methodology of the article https://linc.cnil.fr/obs-cookies