Guides

CNDP compliance, Law 09-08, web security — referenced article by article

Practical guides drafted with direct reference to decree 2-09-165 and to public CNDP rulings. No GDPR copy-paste: our texts speak about Moroccan law.

Pillar guides

Law 09-08

CNDP Compliance in Morocco — Complete 2026 Guide

Complete 2026 guide: scope of Law 09-08, forms F211, F214, F112, F118, data subject rights, security, international transfers, sanctions. Article by article.

12 min read

Thematic guides

Security
Article 23 of Law 09-08: mandatory security
Article 23 requires all useful precautions: TLS, HSTS, CSP, HTTP headers, access control, logging, backups, incident notification.
7 min read
Cookies and consent
CNDP cookie banner — real compliance
Runtime tracker blocking, per-category granularity, archived proof, simple withdrawal. What passes and what fails a CNDP audit in Morocco.
7 min read
Governance
DPO in Morocco: obligation, profile, appointment
The DPO is not strictly required under Law 09-08, but it is becoming unavoidable. Profile, internal vs outsourced, governance pitfalls to avoid in Morocco.
7 min read
Formalities
F118 and CNDP international data transfers
Google Workspace, Microsoft 365, Salesforce: every US SaaS involves a transfer. F118 or Standard Contractual Clauses — regularisation explained.
7 min read
Formalities
F112 — CNDP prior authorisation, in practice
The F112 misunderstood in Morocco: health, biometrics, scoring, interconnection. Processing concerned, instruction, conditions, F211/F112 mistakes to avoid.
7 min read
Formalities
CNDP F211 form — 2026 user guide
Filling in the F211 (CNDP standard declaration): required documents, qualification, filing, follow-up until the acknowledgement of filing. Recurring mistakes to avoid in Morocco.
6 min read
Procedure and defence
CNDP mediation, complaints and appeals
How the CNDP handles a complaint, how to respond, when to engage mediation, how to build an opposable documentary defence.
7 min read
Formalities
CNDP filing receipt — 2026 timeline and procedure
Real review timelines, displaying the CNDP receipt, remedies in case of delay, consequences of its absence during an inspection. Practical guide.
6 min read
Legal comparison
GDPR vs Law 09-08 — article-by-article comparison
Law 09-08 and GDPR compared in detail: principles, formalities, rights, sanctions, transfers. Strategy for organisations facing dual compliance.
7 min read
Risks and penalties
CNDP penalties: what you really risk
Administrative sanctions, criminal penalties, reputational damage: the CNDP's gradation doctrine, the expected reform of Law 09-08, and a regularisation strategy.
6 min read

CNDP compliance, Law 09-08, web security — referenced article by article

CNDP Compliance in Morocco — Complete 2026 Guide

Article 23 of Law 09-08: mandatory security

CNDP cookie banner — real compliance

DPO in Morocco: obligation, profile, appointment

F118 and CNDP international data transfers

F112 — CNDP prior authorisation, in practice

CNDP F211 form — 2026 user guide

CNDP mediation, complaints and appeals

CNDP filing receipt — 2026 timeline and procedure

GDPR vs Law 09-08 — article-by-article comparison

CNDP penalties: what you really risk