Excellent guide written by CNIL to help developers doing their job while taking in consideration their duties in term of GDPR compliance.
 
 
Go to file
LINC ad435b0a2b First version of the website 2020-06-11 11:34:22 +02:00
templates First version of the guide 2020-06-11 11:21:51 +02:00
00-Develop in compliance with the GDPR.md First version of the guide 2020-06-11 11:21:51 +02:00
01-Identify personal data.md First version of the guide 2020-06-11 11:21:51 +02:00
02-Prepare your development.md First version of the guide 2020-06-11 11:21:51 +02:00
03-Secure your development environment.md First version of the guide 2020-06-11 11:21:51 +02:00
04-Manage your source code.md First version of the guide 2020-06-11 11:21:51 +02:00
05-Make an informed choice of architecture.md First version of the guide 2020-06-11 11:21:51 +02:00
06-Secure your websites, applications and servers.md First version of the guide 2020-06-11 11:21:51 +02:00
07-Minimize data collection.md First version of the guide 2020-06-11 11:21:51 +02:00
08-Manage user profiles.md First version of the guide 2020-06-11 11:21:51 +02:00
09-Control your libraries and SDKs.md First version of the guide 2020-06-11 11:21:51 +02:00
10-Ensure the quality of the code and its documentation.md First version of the guide 2020-06-11 11:21:51 +02:00
11-Test your applications.md First version of the guide 2020-06-11 11:21:51 +02:00
12-Inform users.md First version of the guide 2020-06-11 11:21:51 +02:00
13-Prepare for the exercise of people rights.md First version of the guide 2020-06-11 11:21:51 +02:00
14-Define a data retention period.md First version of the guide 2020-06-11 11:21:51 +02:00
15-Take into account the legal basis in the technical implementation.md First version of the guide 2020-06-11 11:21:51 +02:00
16-Use analytics on your websites and applications.md First version of the guide 2020-06-11 11:21:51 +02:00
LICENSE First version of the guide 2020-06-11 11:21:51 +02:00
README.md First version of the guide 2020-06-11 11:21:51 +02:00
index.html First version of the website 2020-06-11 11:34:22 +02:00

README.md

GDPR Developer Guide

In order to assist web and application developers in making their work GDPR-compliant, the CNIL has drawn up a new guide to best practices under an open source license, which is intended to be enriched by professionals.

This guide is published under license GPLv3 and under open license 2.0 (explicitly compatible with CC-BY 4.0 FR). You can freely contribute to its redaction.

The French version is the authentic version of this guide.

Is this guide for developers only?

This guide is mainly aimed at developers working alone or in teams, team leaders, service providers but also at anyone interested in web or application development.

It provides advice and best practices, and thus gives useful keys to understand the GDPR for every stakeholder, regardless of the size of their structure. It can also stimulate discussions and practices within the organisations and in customer relationships.

What does the guide contain?

This guide is divided into 16 thematic sheets which cover most of the needs of developers at each stage of their project, from the preparation of the development to the use of analytics.

The General Data Protection Regulation (or GDPR) specifies that the protection of the rights and freedoms of natural persons requires that "appropriate technical and organisational measures be taken to ensure that the requirements of this Regulation are met" (Recital 78).

The determination of these measures is necessarily related to the context of the processing operations put in place, and the controller (the public or private entity processing personal data) must therefore ensure the security of the data it is called upon to process.

The good practices in this guide are therefore not intended to cover all the requirements of the regulations nor to be prescriptive, they provide a first level of measures to take into account privacy protection issues in IT developments that are intended to be applied to all data processing projects. Depending on the nature of the processing carried out in certain cases, additional measures will have to be implemented in order to fully comply with the regulations.

Table of contents

  1. Develop in compliance with the RGPD

  2. Identify personal data

  3. Prepare your development

  4. Securing your development environment

  5. Manage your source code

  6. Make an informed choice of architecture

  7. Securing your websites, applications and servers

  8. Minimize data collection

  9. Manage user profiles

  10. Control your libraries and SDKs

  11. Ensure the quality of the code and its documentation

  12. Test your applications

  13. Inform users

  14. Prepare to exercise people's rights

  15. Define a data retention period

  16. Take into account the legal basis in the technical implementation

  17. Use analytics on your websites and applications

How can I contribute to this guide?

This guide is available in two versions:

The contribution is done in a few steps:

  • Register on Github;
  • Go to the project page;
  • You can:
    • Use the "Issue" tab to open comments or participate in the discussion
    • Use the "Fork" option to make your own modifications and propose their inclusion via the "Pull Requests" button.

Your contribution proposal will be examined by the CNIL before publication. The web version of the RGPD developer's guide will be regularly updated.

Usage

To release this repository yourself, you can use the Pandoc tool. This tool will allow you to convert the records into a docx file or an HTML document.

You can find the instructions to install this tool here

  • To generate a .docx file:
pandoc -s --toc --toc-depth=1 -o Guide_RGPD_developper.docx [0-9][0-9]*.md
  • To generate an .html file:
pandoc -s --template="templates/mytemplate.html" -H templates/pandoc.css -o index.html README.md [0-9][0-9]*.md