The CNIL, in collaboration with the French government, has recently published a cybersecurity guide for French municipalities. 

In recent times, cybersecurity has posed major difficulties for several communities in France. As a result, a study was conducted by Cybermalveillance.gouv.fr, a government-sponsored cybersecurity initiative, toward the end of 2021. This study was focused on communities with less than 3,500 inhabitants across France, which represents roughly 91% of municipalities in France. According to this report by the CNIL, the aim of this initiative was to understand digital uses, identify the risks/barriers and understand the needs in this type of structure, in order to provide useful and concrete responses. Based on the results of this study, CNIL has published a cybersecurity guide, to help individuals better understand the legal framework for cybersecurity in France. 

Individuals in these municipalities are largely unaware of legal frameworks, and in many cases found them to be complex. 

One of the most significant lessons of this study was that audiences are largely uninformed or unaware. Based on the study’s results, it was revealed that the majority of respondents are indeed unaware of the current legal framework, with the exception of the GDPR. The framework for responsibilities in terms of digital security are scarcely, or not at all known to local elected officials and territorial agents. These individuals largely consider the regulations relating to cybersecurity particularly complex.

The CNIL and Cybermalveillance.gouv.fr have collaborated to tackle this issue by composing a cybersecurity guide. 

In order to ameliorate the issue of lack of knowledge and understanding of the legal frameworks within the municipalities, Cybermalveillance.gouv.fr and CNIL collaborated to compose a cybersecurity guide. This guide relates to the obligations and responsibilities of local authorities and their public establishments where cybersecurity is concerned. It is meant to serve as a source of education for local elected officials as well as territorial agents, on the obligations of authorities regarding various aspects of cybersecurity. These include the protection of personal data, the implementation of local teleservices, and hosting health data. In addition, the guide recalls the various types of legal liability to which local authorities and their public establishments are exposed in the event of cyberattacks and/or damage related to administrative responsibility. civil liability and criminal liability. 

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.