General Data Protection Regulation (GDPR) , Standards, Regulations & Compliance

France's CNIL Calls for Cybersecurity Recommendations

Regulator Will Publish Guide for Organizations That Process Data on a Large Scale
France's CNIL Calls for Cybersecurity Recommendations
Image: Shutterstock

The French data regulator is calling on operators of large-scale databases to shore up cyber defenses against a slew of threats including nation-states and sophisticated hackers capable to exploiting the supply chain or zero-day flaws.

See Also: Software Supply Chain Platform for Financial Services

In a consultation opened Monday, the National Commission on Informatics and Liberty - known as CNIL - named the energy, transport, banking and insurance sectors, internet service providers and government agencies as collectors of sensitive data that should be mindful of the need to safeguard their digital infrastructure against advanced threats.

CNIL said the purpose of the consultation is to establish a set of recommended advanced security practices for organizations engaged in large-scale data processing where a data breach would have significant consequences for individuals, the state or society. The consultation is open until Oct. 8. CNIL intends to publish the recommendations next year.

CNIL opened the consultation just days after French employment agency Pôle emploi announced a breach that outside cybersecurity experts said was a result of late May's mass hacking of MOVEit file transfer software (see: Victims Sue Financial Firms Over MOVEit Data Breaches). French newswire AFP reported the breach likely affected more than 10 million French residents.

CNIL already recommends organizations have a designated data protection and security officer, in addition to the chief information security and data protection officer.

The agency also suggests that organizations have a breach response policy. In addition to stemming any breach swiftly, the policy should spell out response requirements for probable data breach risks, CNIL said.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.