[protecting people by good design, solid security, efficient processes and trusted services]
In a decision dated 17 April 2019, the Conseil d’Etat (the Supreme Administrative Court) confirmed a decision of sanction issued by the French Data Protection Authority (the CNIL) but reduced the amount of the sanction from €250,000 to €200,000.
This decision gives precious guidance: in case of a data breach, the implementation of corrective measures is an argument to obtain a reduction of a fine in case of further prosecution by the CNIL.
https://www.cnil.fr/fr/kit-developpeur
Covers various technical and organizational measures (TOM) in context of software development (SDLC)
CNIL data breach notification forms
https://cnpd.public.lu/dam-assets/fr/actualites/national/2018/GDPR-CARPA-Criteria-v10.pdf
” This document was prepared by the Commission Nationale Pour la Protection des Données (‘CNPD’) in collaboration with representatives from the audit profession. It contains the criteria for the “GDPR-CARPA” certification mechanism. This document should be read in conjunction with the “GDPR-CARPA” certification mechanism document. These certification criteria are a mandatory requirement to evaluate and report on controls over organizational and technical data protection measures, to be eligible for certification. Evaluation and reporting needs to follow the ISAE 3000 standard. Certification can only be granted by certification bodies that have been accredited by CNPD. “
Synthea is a Synthetic Patient Population Simulator. The goal is to output synthetic, realistic (but not real), patient data and associated health records in a variety of formats.
Nice offline tool to generate synthetic patient data..
Fingerprinting smartphone devices (using sensors, etc) – globally unique, survives reset
https://www.lightbluetouchpaper.org/2019/05/21/calibration-fingerprint-attacks-for-smartphones/IAPP tool for members to look up GDPR-related references