Link Search Menu Expand Document
Responsible data management toolbox

2.6 Data protection and Data security

The French authorities have developed excellent resources (only in French) that can help NGOs with data protection and security, regardless of the humanitarian dimension of their activities and the “do no harm” principle. Among them are the resources of the National Commission on Informatics and Liberty (CNIL) as well as that of the rench National Agency for the Security of Information Systems (ANSSI).


2.6.1 CNIL resources

A large part of the CNIL’s resources are available on its website.

Here is a non-exhaustive list of resources that can support NGOs in terms of responsible data management and data protection:

  • “Data protection - Adopt the 6 good reflexes” sheet: this sheet presents concepts and principles that can be useful to raise awareness of the protection of personal data.
  • Article “GDPR: what are we talking about?”: this article is a good reminder of key definitions such as “personal data” and “processing of personal data” and who is affected by the GDPR.
  • Article “GDPR: where to start?”: this article describes the 4 main actions that need to be taken to start and ensure compliance with data protection rules.
  • Article “GDPR: prepare in 6 steps”: this article presents 6 steps that organizations must follow in order to ensure optimal data protection at all times and be able to demonstrate it by documenting their compliance.
  • The CNIL FAQ
  • “Legal bases” practical sheets: the CNIL offers practical sheets for professionals that can help them understand the legal bases and choose those that will be most suitable for their data processing.
  • The practical guide for the DPO: this guide gives the keys to make the most of the presence of a dedicated officer, to be recruited as a DPO or more generally to improve your compliance.
  • The CNIL MOOC: this GDPR workshop is a free online training course open to everyone. This training allows professionals to be made aware of data protection and to support their compliance.
  • The practical guide on data retention periods: this guide answers the questions frequently asked by professionals, both on the principle of limiting the retention of periods and on its implementation.
  • The personal data security guide: this guide is a good reminder of the basic precautions that should be implemented systematically in terms of personal data security.
  • The CNIL’s reference frameworks: these frameworks guide organizations in bringing their data processing into compliance. These regulatory instruments are intended to provide organizations with greater legal certainty. They are drawn up in consultation with the actors or sectors invovled.

2.6.2 ANSSI resources

To raise awareness of good digital security practices and support organizations in the implementation of information systems security measures, ANSSI has produced technical guides, basic good practices lists and infographics intended for diverse audiences. You can find them in this online resource library.

ANSII also provides a glossary that lists key cyber security definitions.

These resources, which are not directed directly towards the international aid sector, nevertheless remain very relevant.