French Data Protection Authority

The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public clouds with seven key steps, summarized below, to be followed by cloud customers:

1. Identify the types of data and the data processing that could