On April 24, 2024, the Monegasque data protection authority (CCIN) issued a practical guide on data processing security. In particular, the guide outlines the steps organizations can take to ensure the security of data processing.

Assessing security of processing

When analyzing the security of data processing, the guide recommends that organizations should:

• understand the purpose of data processing and the type of data collected;
• assess the access authorizations granted and the traceability of actions;
• assess security measures appropriate to the data's purpose, including data identification levels, storage locations, security protocols, and backup locations;
• examine data transfer methods such as web portals, email, and physical media;
• evaluate any data transfers to countries without adequate protection and the security implications of such transfers; and
• determine the linkages with other data processes and provide justifications for these relationships.

Physical security measures

The guide highlights that the security of processing should encompass both software security, such as firewalls and antivirus, and physical measures. To ensure the physical security of processing the guide outlines that organizations should take several measures including:

• implementing enhanced security measures such as cameras, and restricted access for high-risk areas like server rooms;
• limiting access based on necessity, and maintaining logs of all access to secure areas;
• implementing security for portable devices and sensitive documents, using encryption, secure storage, and physical locks;
• training employees on security practices and the risks of personal devices and tools; and
• regularly updating access controls and security measures, particularly when employees leave or new threats are identified.

You can read the guide, only available in French, here.