{"id":10793,"date":"2018-05-28T17:57:12","date_gmt":"2018-05-28T16:57:12","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=10793\/"},"modified":"2020-01-02T13:41:29","modified_gmt":"2020-01-02T12:41:29","slug":"3-idees-recues-sur-les-obligations-du-rgpd-13","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/","title":{"rendered":"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3)"},"content":{"rendered":"<p><em>Suite \u00e0 l\u2019adoption du RGPD en 2016, la plupart des entreprises se sont dot\u00e9es aujourd\u2019hui d\u2019une d\u00e9marche structur\u00e9e en vue de l\u2019\u00e9ch\u00e9ance de mai 2018. Comme nous l\u2019observons chez nos clients et pour y avoir dans de nombreux cas contribu\u00e9, nous assistons aujourd\u2019hui \u00e0 de bonnes avanc\u00e9es en termes d\u2019\u00e9tat des lieux, d\u2019analyse d\u2019\u00e9cart et de feuille de route pour la mise en conformit\u00e9. Commence donc maintenant la phase de mise en \u0153uvre de ces plans, dans laquelle la transformation du SI tient une place primordiale (cartographie et s\u00e9curisation des donn\u00e9es, gestion des consentements, de l\u2019information aux utilisateurs, application du droit \u00e0 l\u2019oubli\u2026).<\/em><\/p>\n<p>C\u2019est dans ce contexte que l\u2019on entend r\u00e9guli\u00e8rement des interpr\u00e9tations inexactes du texte, qui d\u2019anodines peuvent se r\u00e9v\u00e9ler dangereuses. Elles peuvent en effet induire les d\u00e9cideurs \u00e0 mener des actions inadapt\u00e9es ou oublier certains points de mise en conformit\u00e9, laissant l\u2019entreprise expos\u00e9e \u00e0 des sanctions ou \u00e0 une d\u00e9gradation de son image de marque.<\/p>\n<p>Nous proposons dans cette s\u00e9rie de 3 articles de d\u00e9construire 3 id\u00e9es re\u00e7ues sur le RGPD\u00a0:<\/p>\n<ul>\n<li>Id\u00e9e re\u00e7ue #1 \u2013 Le consentement est obligatoire<\/li>\n<li>Id\u00e9e re\u00e7ue #2 \u2013 Le RGPD impose d\u2019anonymiser les donn\u00e9es<\/li>\n<li>Id\u00e9e re\u00e7ue #3 \u2013 Il y a une dur\u00e9e maximale de conservation des donn\u00e9es.<\/li>\n<\/ul>\n<h2><strong>Id\u00e9e re\u00e7ue #1 &#8211; le consentement est obligatoire<br \/>\n<\/strong><\/h2>\n<p>Le recueil du consentement n&#8217;est pas obligatoire, il existe de nombreux autres \u00e9l\u00e9ments qui peuvent justifier un traitement de donn\u00e9es \u00e0 caract\u00e8re personnel (DCP). Parmi les plus courants pour une entreprise, on trouve notamment l&#8217;ex\u00e9cution d&#8217;un contrat ou une obligation l\u00e9gale. Ce n&#8217;est donc pas un consentement qui est n\u00e9cessaire au traitement des DCP d\u2019une personne, mais plus largement une <strong>justification<\/strong>, c\u2019est-\u00e0-dire la base l\u00e9gale du traitement.<a href=\"#_edn1\" name=\"_ednref1\">[i]<\/a>\u00a0De plus, le traitement est strictement li\u00e9 \u00e0 une ou plusieurs <strong>finalit\u00e9s<\/strong>, pour lesquelles l\u2019utilisateur peut donner son consentement.<\/p>\n<p>Ce qui compte, c\u2019est donc le <em>triangle <strong>Donn\u00e9e-Justification-Traitement<\/strong><\/em>\u00a0:<\/p>\n<figure id=\"post-10794 media-10794\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-10794\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-1-3-idees-recues.png\" alt=\"\" width=\"890\" height=\"451\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-1-3-idees-recues.png 890w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-1-3-idees-recues-377x191.png 377w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-1-3-idees-recues-768x389.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-1-3-idees-recues-71x36.png 71w\" sizes=\"auto, (max-width: 890px) 100vw, 890px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<p>Ce triangle est ind\u00e9pendant et ins\u00e9cable\u00a0:<\/p>\n<ul>\n<li><strong>Ind\u00e9pendant \/<\/strong> Il est ind\u00e9pendant des autres triangles. Le fait qu\u2019on ait obtenu un consentement pour une donn\u00e9e et une finalit\u00e9 n\u2019implique pas qu\u2019on puisse traiter la m\u00eame donn\u00e9e pour une finalit\u00e9 diff\u00e9rente, ni une autre donn\u00e9e pour la finalit\u00e9.<\/li>\n<li><strong>Ins\u00e9cable \/<\/strong> Les trois piliers du triangle sont tous trois porteurs donc indissociables\u00a0:\n<ul>\n<li>Si de fait le traitement devient caduc ou si les donn\u00e9es ne sont plus n\u00e9cessaires au traitement, et que les donn\u00e9es ne sont couvertes par aucun autre triangle, il faut effacer les donn\u00e9es.<a href=\"#_edn1\" name=\"_ednref1\">[ii]<\/a>.<\/li>\n<li>Si la justification devient caduque (fin d\u2019un contrat ou retrait du consentement par exemple), il faut cesser le traitement et, si les donn\u00e9es ne sont couvertes par aucun autre triangle,il faut effacer les donn\u00e9es.<a href=\"#_edn1\" name=\"_ednref1\">[iii]<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Une gestion centralis\u00e9e des donn\u00e9es personnelles, pour le client et pour le back-office<\/h3>\n<p>Dans le cadre de la conformit\u00e9 au RGPD, il convient de se doter d\u2019un <strong>\u00ab\u00a0syst\u00e8me de gestion des donn\u00e9es personnelles\u00a0\u00bb<\/strong> g\u00e9rant de mani\u00e8re uniformis\u00e9e toutes les justifications, ou du moins les plus courantes\u00a0: les clauses contractuelles, le consentement et les obligations l\u00e9gales notamment.<\/p>\n<p>Cet angle de vue centr\u00e9 client impos\u00e9 par le RGPD implique d\u2019avoir au sein du SI une <strong>vision Client Unique \/ Golden Record<\/strong>, afin de g\u00e9rer de mani\u00e8re unifi\u00e9e des donn\u00e9es d\u2019un m\u00eame client qui seraient \u00e9clat\u00e9es dans de nombreux r\u00e9f\u00e9rentiels \u00e9ventuellement d\u00e9corr\u00e9l\u00e9s.<\/p>\n<p>Ce syst\u00e8me se d\u00e9cline d\u2019une part en un front-office, permettant au client d\u2019acc\u00e9der de mani\u00e8re centralis\u00e9e \u00e0 ses donn\u00e9es d\u00e9tenues par l\u2019entreprise et exercer ses droits sur celles-ci\u00a0: consentement, contrats, droit \u00e0 l\u2019oubli, portabilit\u00e9, rectification, traitements autoris\u00e9s, etc.<\/p>\n<figure id=\"post-10798 media-10798\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-10798\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-2-3-idees-recues.png\" alt=\"\" width=\"642\" height=\"331\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-2-3-idees-recues.png 642w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-2-3-idees-recues-370x191.png 370w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-2-3-idees-recues-71x37.png 71w\" sizes=\"auto, (max-width: 642px) 100vw, 642px\" \/><\/figure>\n<p style=\"text-align: center;\"><em>Figure 1 &#8211; Le portail de gestion de ses donn\u00e9es personnelles de Google<\/em><\/p>\n<p>D\u2019autre part, le back-office consiste en un <em>R\u00e9f\u00e9rentiel Donn\u00e9es-Justification-Traitement<\/em>, o\u00f9 le <em>triangle <\/em>ci-dessus serait mat\u00e9rialis\u00e9 sous la forme d\u2019une table avec le triplet Donn\u00e9es-Justification-Traitement, ainsi que quelques autres attributs (dont la r\u00e9f\u00e9rence \u2013 identifiant unique, cl\u00e9 \u00e9trang\u00e8re\u2026 \u2013 \u00e0 la personne concern\u00e9e).<\/p>\n<p>La mod\u00e9lisation en <em>R\u00e9f\u00e9rentiel Donn\u00e9es-Justification-Traitement<\/em> faciliterait :<\/p>\n<ul>\n<li>en <strong>\u00e9criture<\/strong>, la cr\u00e9ation de nouvelles justifications (par exemple un consentement) et leur suppression\u00a0;<\/li>\n<li>en <strong>lecture<\/strong>, la v\u00e9rification automatique de la possibilit\u00e9 de traitement d\u2019une DCP pour une finalit\u00e9 identifi\u00e9e, par l\u2019existence d\u2019un triplet valide en base (il peut en exister plusieurs) et pour le client l\u2019acc\u00e8s, requis par le RGPD \u00e0 toutes les donn\u00e9es le concernant et les traitements associ\u00e9s.<\/li>\n<\/ul>\n<figure id=\"post-10800 media-10800\" class=\"align-center\">\n<figure id=\"post-10803 media-10803\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-10803\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-3-3-idees-recues-1.png\" alt=\"\" width=\"1314\" height=\"616\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-3-3-idees-recues-1.png 1314w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-3-3-idees-recues-1-407x191.png 407w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-3-3-idees-recues-1-768x360.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Image-3-3-idees-recues-1-71x33.png 71w\" sizes=\"auto, (max-width: 1314px) 100vw, 1314px\" \/><\/figure>\n<\/figure>\n<p style=\"text-align: center;\"><em>Figure 2 &#8211; Exemple de cas o\u00f9 deux justifications peuvent couvrir en partie les m\u00eames donn\u00e9es<\/em><\/p>\n<p>NB\u00a0: Le consentement doit \u00eatre trac\u00e9 et historis\u00e9 (les valeurs\u00a0successives doivent \u00eatre gard\u00e9es pour d\u2019\u00e9ventuelles v\u00e9rifications r\u00e9trospectives) : une attention particuli\u00e8re devra \u00eatre port\u00e9e \u00e0 la <strong>tra\u00e7abilit\u00e9<\/strong> (au sens piste d\u2019audit) de ce <em>R\u00e9f\u00e9rentiel Donn\u00e9es-Justification-Traitement<\/em>.<\/p>\n<p>Il convient donc pour une soci\u00e9t\u00e9 souhaitant g\u00e9rer efficacement ses justifications pour traiter des donn\u00e9es personnelles de se munir de ce syst\u00e8me centralis\u00e9, permettant d\u2019une part au client, c\u00f4t\u00e9 front-office, d\u2019exercer ses droits (consentement, oubli, portabilit\u00e9, information\u2026), et d\u2019autre part \u00e0 la soci\u00e9t\u00e9, c\u00f4t\u00e9 back-office, d\u2019avoir une vue claire des donn\u00e9es qu\u2019elle traite pour chaque client et de la justification qui l\u2019autorise \u00e0 les traiter, quelle qu\u2019elle soit (contrat, consentement, obligation l\u00e9gale\u2026).<\/p>\n<p>Au-del\u00e0 d\u2019encadrer pr\u00e9cis\u00e9ment ce qui autorise le traitement des donn\u00e9es, le RGPD impose \u00e9galement des mesures de s\u00e9curit\u00e9 contre les fuites et les vols de donn\u00e9es, notamment via des techniques comme l\u2019anonymisation, la pseudonymisation et le chiffrement. Dans le prochain article nous proposons d\u2019\u00e9claircir la port\u00e9e et le r\u00f4le de chacune de ces techniques bien distinctes.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"#_ednref1\" name=\"_edn1\">[i]<\/a> Article 6, paragraphe 1<\/p>\n<p><a href=\"#_edn1\" name=\"_ednref1\"><\/a><\/p>\n<p><a href=\"#_ednref1\" name=\"_edn1\">[ii]<\/a> Article 5, paragraphe 1, point e)<\/p>\n<p><a href=\"#_ednref1\" name=\"_edn1\">[ii]<\/a> Article 5, paragraphe 1, point e)<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Suite \u00e0 l\u2019adoption du RGPD en 2016, la plupart des entreprises se sont dot\u00e9es aujourd\u2019hui d\u2019une d\u00e9marche structur\u00e9e en vue de l\u2019\u00e9ch\u00e9ance de mai 2018. Comme nous l\u2019observons chez nos clients et pour y avoir dans de nombreux cas contribu\u00e9,&#8230;<\/p>\n","protected":false},"author":1318,"featured_media":10812,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3226],"tags":[417,2959,3299,2842,413],"coauthors":[2980],"class_list":["post-10793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance","tag-conformite","tag-consentement","tag-digital-privacy","tag-rgpd","tag-vie-privee"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3) - RiskInsight<\/title>\n<meta name=\"description\" content=\"De nombreuses id\u00e9es re\u00e7ues circulent sur les obligations du RGPD. Ce premier article vise \u00e0 d\u00e9mystifier l&#039;obligation de collecter le consentement.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3) - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"De nombreuses id\u00e9es re\u00e7ues circulent sur les obligations du RGPD. Ce premier article vise \u00e0 d\u00e9mystifier l&#039;obligation de collecter le consentement.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-28T16:57:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-02T12:41:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"4124\" \/>\n\t<meta property=\"og:image:height\" content=\"2902\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Forest0Giulio\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Forest0Giulio\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/\"},\"author\":{\"name\":\"Forest0Giulio\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/022367a67c2c7b38c0dab4b7671a7193\"},\"headline\":\"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3)\",\"datePublished\":\"2018-05-28T16:57:12+00:00\",\"dateModified\":\"2020-01-02T12:41:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/\"},\"wordCount\":1055,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg\",\"keywords\":[\"conformit\u00e9\",\"Consentement\",\"Digital privacy\",\"RGPD\",\"vie priv\u00e9e\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/\",\"name\":\"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3) - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg\",\"datePublished\":\"2018-05-28T16:57:12+00:00\",\"dateModified\":\"2020-01-02T12:41:29+00:00\",\"description\":\"De nombreuses id\u00e9es re\u00e7ues circulent sur les obligations du RGPD. Ce premier article vise \u00e0 d\u00e9mystifier l'obligation de collecter le consentement.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg\",\"width\":4124,\"height\":2902,\"caption\":\"Print\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/022367a67c2c7b38c0dab4b7671a7193\",\"name\":\"Forest0Giulio\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/forest0giulio\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3) - RiskInsight","description":"De nombreuses id\u00e9es re\u00e7ues circulent sur les obligations du RGPD. Ce premier article vise \u00e0 d\u00e9mystifier l'obligation de collecter le consentement.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/","og_locale":"en_US","og_type":"article","og_title":"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3) - RiskInsight","og_description":"De nombreuses id\u00e9es re\u00e7ues circulent sur les obligations du RGPD. Ce premier article vise \u00e0 d\u00e9mystifier l'obligation de collecter le consentement.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/","og_site_name":"RiskInsight","article_published_time":"2018-05-28T16:57:12+00:00","article_modified_time":"2020-01-02T12:41:29+00:00","og_image":[{"width":4124,"height":2902,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg","type":"image\/jpeg"}],"author":"Forest0Giulio","twitter_misc":{"Written by":"Forest0Giulio","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/"},"author":{"name":"Forest0Giulio","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/022367a67c2c7b38c0dab4b7671a7193"},"headline":"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3)","datePublished":"2018-05-28T16:57:12+00:00","dateModified":"2020-01-02T12:41:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/"},"wordCount":1055,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg","keywords":["conformit\u00e9","Consentement","Digital privacy","RGPD","vie priv\u00e9e"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/","url":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/","name":"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3) - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg","datePublished":"2018-05-28T16:57:12+00:00","dateModified":"2020-01-02T12:41:29+00:00","description":"De nombreuses id\u00e9es re\u00e7ues circulent sur les obligations du RGPD. Ce premier article vise \u00e0 d\u00e9mystifier l'obligation de collecter le consentement.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2018\/05\/Fotolia_69519539_Subscription_Monthly_XXL-CUT-Flat-style-vector-illustration-brainstorming-process-concept-Sentavio.jpg","width":4124,"height":2902,"caption":"Print"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2018\/05\/3-idees-recues-sur-les-obligations-du-rgpd-13\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"3 id\u00e9es re\u00e7ues sur les obligations du RGPD (1\/3)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/022367a67c2c7b38c0dab4b7671a7193","name":"Forest0Giulio","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/forest0giulio\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1318"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=10793"}],"version-history":[{"count":9,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10793\/revisions"}],"predecessor-version":[{"id":10933,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10793\/revisions\/10933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/10812"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=10793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=10793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=10793"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=10793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}