GDPR toolkit

The GDPR provides a diversified toolbox enabling organizations to dynamically manage and demonstrate their compliance with the Regulation: records of processing activities, information statements, data protection impact assessments, transfer frameworks, legal frameworks, certifications or codes of conduct.

Record of processing activities

The recording obligation is stated by article 30 of the GDPR. It is a tool to help you to be compliant with the Regulation. The record is a document with inventory and analysis purposes, which must reflect the reality of your personal data…

Privacy Impact assessment (pia)

Where a processing is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall carry out a privacy impact assessment.

General Data Protection Regulation: a guide to assist processors

Who does it apply to? Applicable as from 25 May 2018, the GDPR imposes specific obligations on processors who may be held liable in the event of data breaches. These obligations apply to all organisations which process personal data on behalf…

Code of conduct

Codes of conduct are one of the new compliance tools provided by the GDPR. They allow a harmonisation of practices at the level of a sector of activity.

Les articles associés les plus consultés

Annual report: CNIL's achievements and key actions in 2024

29 April 2025

The CNIL’s Missions

29 April 2025

Artificial intelligence and public services: the CNIL publishes the results of its “sandbox”

18 April 2025

Les documents associés à cette thématique

Affiche - 10 conseils pour rester net sur le web

Affiche

Affiche - 10 conseils pour rester net sur le web

Guidelines

Infografics - DPIA

Guidelines

Guidelines on Data Protection Impact Assessment (DPIA)