October 25, 2020

Volume X, Number 299


October 23, 2020

Subscribe to Latest Legal News and Analysis

CNIL Releases Software Tool For DPIA

On the 22 November, the CNIL released on its website an open source ready to use software tool for DPIAs, which can be downloaded for free.

The explanations on the website are currently only in French, but the CNIL’s intention is to have an English explanations as well.

The CNIL’s tool offers the following features:

  • The tool is based on an ergonomic interface, allowing users to manage all DPIAs in a simple manner. It implements the CNIL’s DPIA methodology step by step. Several visualisation tools allow the user to understand, at a glance, the state of the risks of the relevant processing activity.

  • It may be adapted to the specific needs of the controller or the industry sector, for example by creating a DPIA template that can be duplicated and used for processing activities of a similar nature. Published as an open source licence, the source code can be modified to add features or integrate it with tools already published internally.

  • The tool guarantees the lawfulness of the processing, as well as the measures protecting the rights of the data subjects. It also has a contextual knowledge data base accessible at any time during the performance of the DPIA and whose contents, based on the GDPR as well as on the CNIL’s DPIA and Security Guides, will adapt to the relevant processing activity being assessed.

The tool is still under development. Today in its beta version, it will evolve in the coming months, including improvements in the workflow and user experience.

The CNIL is calling for feedback on bugs or suggestions for improvement.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume VII, Number 340



About this Author

Stephanie Faber International Business Attorney Squire Patton Boggs Paris, France
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs
  • Data breach management and notification
  • Database creation, international...
33 1-5383-7400