On the 22 November, the CNIL released on its website an open source ready to use software tool for DPIAs, which can be downloaded for free.

The explanations on the website are currently only in French, but the CNIL’s intention is to have an English explanations as well.

The CNIL’s tool offers the following features:

  • The tool is based on an ergonomic interface, allowing users to manage all DPIAs in a simple manner. It implements the CNIL’s DPIA methodology step by step. Several visualisation tools allow the user to understand, at a glance, the state of the risks of the relevant processing activity.
  • It may be adapted to the specific needs of the controller or the industry sector, for example by creating a DPIA template that can be duplicated and used for processing activities of a similar nature. Published as an open source licence, the source code can be modified to add features or integrate it with tools already published internally.
  • The tool guarantees the lawfulness of the processing, as well as the measures protecting the rights of the data subjects. It also has a contextual knowledge data base accessible at any time during the performance of the DPIA and whose contents, based on the GDPR as well as on the CNIL’s DPIA and Security Guides, will adapt to the relevant processing activity being assessed.

The tool is still under development. Today in its beta version, it will evolve in the coming months, including improvements in the workflow and user experience.

The CNIL is calling for feedback on bugs or suggestions for improvement.


More information can be found under the following link: https://www.cnil.fr/fr/outil-pia-telechargez-et-installez-le-logiciel-de-la-cnil