{"id":8411,"date":"2015-10-19T09:00:42","date_gmt":"2015-10-19T08:00:42","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=8411"},"modified":"2020-01-02T13:47:01","modified_gmt":"2020-01-02T12:47:01","slug":"privacy-by-design-anticiper-pour-mieux-proteger-partie-1","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/","title":{"rendered":"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1)"},"content":{"rendered":"<p><em>La phase de seconde lecture du r\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel devrait vraisemblablement s\u2019achever d\u2019ici la fin de l\u2019ann\u00e9e 2015 par son adoption. Ce r\u00e8glement introduit plusieurs concepts majeurs dont un particuli\u00e8rement structurant qui donne obligation d\u2019assurer la \u00ab protection des donn\u00e9es d\u00e8s la conception \u00bb qui se r\u00e9sume par un terme consacr\u00e9, le \u00abPrivacy By Design\u00bb.<\/em><\/p>\n<p>Adopter une d\u00e9marche de <em>Privacy By Design <\/em>c\u2019est int\u00e9grer le respect de la vie priv\u00e9e d\u00e8s la conception des projets, c\u2019est-\u00e0-dire s\u2019assurer de la pertinence des donn\u00e9es collect\u00e9es, comprendre les risques pour les personnes concern\u00e9es, anticiper l\u2019information et le droit d\u2019acc\u00e8s, etc.<\/p>\n<p>La Loi Informatique et Libert\u00e9, via l\u2019article 34, demandait d\u00e9j\u00e0 au responsable de traitement de \u00ab prendre toutes les pr\u00e9cautions utiles, au regard de la nature des donn\u00e9es et des risques pr\u00e9sent\u00e9s par le traitement, pour pr\u00e9server la s\u00e9curit\u00e9 des donn\u00e9es \u00bb mais n\u2019imposait pas explicitement la mise en oeuvre d\u2019une d\u00e9marche de <em>Privacy By Design<\/em>. De ce fait, peu d\u2019organisations ont d\u00e9j\u00e0 mis en place une telle d\u00e9marche.<\/p>\n<p>Le <em>Privacy By Design <\/em>permet pourtant de <strong>minimiser les efforts fournis pour se conformer \u00e0 la<\/strong> <strong>Loi en \u00e9vitant la mise en conformit\u00e9 <em>a posteriori <\/em><\/strong>qui demande souvent le d\u00e9ploiement de projets d\u2019adaptation de l\u2019existant difficiles organisationnellement, technologiquement complexes et financi\u00e8rement co\u00fbteux.<\/p>\n<h2>Privacy By Design<\/h2>\n<p>Au regard des \u00e9ch\u00e9ances r\u00e9glementaires, et afin de mieux traiter les contraintes de conformit\u00e9, les premi\u00e8res initiatives de Privacy By Design d\u00e9butent et se multiplient. Nos retours d\u2019exp\u00e9rience montrent que plusieurs facteurs cl\u00e9s de succ\u00e8s sont \u00e0 prendre en compte : s\u2019armer de pragmatisme dans la d\u00e9finition de Privacy Impact Assessment, ne pas concevoir un processus d\u00e9corr\u00e9l\u00e9 de l\u2019existant, concentrer l\u2019\u00e9nergie mise en \u0153uvre sur les projets les plus sensibles et outiller les chefs de projets.<\/p>\n<h3>Concevoir une m\u00e9thodologie de Privacy Impact Assessment pragmatique<\/h3>\n<p>Plut\u00f4t que de repartir de z\u00e9ro, il convient comme souvent de s\u2019inspirer des travaux de r\u00e9flexion men\u00e9s par ses pairs. En particulier, la CNIL a d\u00e9cid\u00e9 d\u2019accompagner les responsables de traitements d\u00e9sireux de s\u2019engager dans le Privacy By Design en publiant en juillet 2015 une version r\u00e9vis\u00e9e de son guide de gestion des risques sur la vie priv\u00e9e. Elle l\u2019adapte ainsi au positionnement du r\u00e8glement europ\u00e9en et aux retours d\u2019exp\u00e9rience en proposant une m\u00e9thodologie pour mener des Privacy Impact Assessment (PIA).<\/p>\n<p>Le guide d\u00e9crit la fa\u00e7on d\u2019employer la m\u00e9thode EBIOS, d\u00e9j\u00e0 tr\u00e8s connue et reconnue pour la s\u00e9curit\u00e9 de l\u2019information, sur le sujet Informatique et Libert\u00e9s. Les deux premi\u00e8res \u00e9tapes visent respectivement \u00e0 identifier le contexte particulier aux traitements mis en \u0153uvre par le projet et \u00e0 identifier les mesures n\u00e9cessaires au respect des principes juridiques fondamentaux : respect de la finalit\u00e9, pertinence des donn\u00e9es collect\u00e9es, information des personnes, exercice des droits, s\u00e9curit\u00e9 des donn\u00e9es, accomplissement des formalit\u00e9s. Puis vient l\u2019\u00e9tape dite d\u2019analyse des risques durant laquelle les menaces pertinentes sont identifi\u00e9es et associ\u00e9es aux \u00e9v\u00e8nements redout\u00e9s suivant trois grands types : acc\u00e8s ill\u00e9gitime, modification ou disparition des donn\u00e9es personnelles. Les risques li\u00e9s \u00e0 la conformit\u00e9 Informatique et Libert\u00e9s sont alors \u00e9valu\u00e9s en termes de gravit\u00e9 et de vraisemblance et font l\u2019objet d\u2019une d\u00e9cision quant \u00e0 leur acceptation.<\/p>\n<p>La m\u00e9thodologie d\u2019analyse de risques EBIOS vise l\u2019exhaustivit\u00e9 dans l\u2019analyse des risques encourus. Cette exhaustivit\u00e9 impose g\u00e9n\u00e9ralement aux organisations qui l\u2019utilisent pour leurs analyses de risques SSI de s\u2019appuyer sur des \u00e9quipes d\u2019int\u00e9gration de la s\u00e9curit\u00e9 dans les projets \u00e0 m\u00eame de consacrer suffisamment de temps \u00e0 l\u2019accompagnement des chefs de projets et en mesure de ma\u00eetriser la m\u00e9thodologie, souvent per\u00e7ue comme complexe au premier abord.<\/p>\n<p>Les \u00e9quipes en charge de la conformit\u00e9 ne sont g\u00e9n\u00e9ralement ni organis\u00e9es ni dimensionn\u00e9es pour r\u00e9aliser un accompagnement de tous les projets d\u2019une organisation sur la base d\u2019une m\u00e9thodologie aussi chronophage.<\/p>\n<p>La conduite syst\u00e9matique d\u2019analyses de risques EBIOS pour encadrer les risques Informatiques et Libert\u00e9s appara\u00eet alors souvent comme trop ambitieuse au regard des ressources \u00e0 engager et risque ainsi d\u2019alourdir de fa\u00e7on d\u00e9mesur\u00e9e la charge du chef de projet et donc d\u2019entraver le bon d\u00e9roulement de la m\u00e9thodologie projet.<\/p>\n<p>Il reviendra donc au Correspondant Informatique ou Libert\u00e9 (CIL) ou futur Data Privacy Officer (DPO) d\u2019adapter et de simplifier la m\u00e9thodologie d\u2019analyse de risques qu\u2019il souhaite d\u00e9ployer aux capacit\u00e9s d\u2019accompagnement de ses \u00e9quipes. Plusieurs pistes sont envisageables : r\u00e9alisation d\u2019un questionnaire simple de pr\u00e9-qualification du risque pour prioriser les efforts entre les projets, limitation du nombre de sc\u00e9narios de risques \u00e9tudi\u00e9s, r\u00e9duction des listes de menaces applicables dans le contexte, pr\u00e9identification des risques types, etc.<\/p>\n<h3>S\u2019int\u00e9grer dans la m\u00e9thodologie Projet existante<\/h3>\n<p>Un \u00e9cueil souvent rencontr\u00e9 pour de nouvelles m\u00e9thodologies : vouloir s\u2019appuyer sur un nouveau processus, propre au sujet trait\u00e9 (ici la mise en conformit\u00e9 LIL3), qu\u2019il faudra alors d\u00e9ployer dans l\u2019organisation. \u00c9vang\u00e9lisation chronophage, non connaissance des m\u00e9thodes de travail des chefs de projets, redondance dans les demandes : autant de raisons justifiant l\u2019\u00e9chec probable de cette orientation.<\/p>\n<p>Le CIL devrait plut\u00f4t chercher \u00e0 s\u2019int\u00e9grer dans le processus de gestion de projet existant : \u00e9tapes cl\u00e9s, comit\u00e9s, livrables, etc. Des \u00e9quipes (responsable m\u00e9thode ou qualit\u00e9 par exemple) ont en g\u00e9n\u00e9ral la responsabilit\u00e9 des m\u00e9thodologies projet et peuvent accompagner le CIL dans sa compr\u00e9hension et challenger ses propositions d\u2019amendements.<\/p>\n<p>Depuis plusieurs ann\u00e9es de nombreuses organisations ont d\u2019ailleurs d\u00e9j\u00e0 amend\u00e9 leur processus de gestion de projet pour y int\u00e9grer les exigences de s\u00e9curit\u00e9 SI. Un exercice dont la r\u00e9ussite d\u00e9pend souvent d\u2019une bonne r\u00e9partition des travaux au sein des grandes phases d\u2019un projet. Il se d\u00e9compose en plusieurs phases :<\/p>\n<ul>\n<li><strong>\u00c9tude pr\u00e9alable :<\/strong> appr\u00e9ciation de la criticit\u00e9 du projet afin d\u2019identifier les projets les plus sensibles et prioriser les efforts d\u2019accompagnement. Une analyse de risques SSI d\u00e9taill\u00e9e sera seulement conduite pour les projets les plus sensibles.<\/li>\n<li><strong>Conception :<\/strong> identification des exigences de s\u00e9curit\u00e9 \u00e0 prendre en compte par chacun des acteurs.<\/li>\n<li><strong>Mise en \u0153uvre :<\/strong> suivi de la bonne mise en \u0153uvre des mesures choisies pour r\u00e9pondre aux exigences.<\/li>\n<li><strong>Recette :<\/strong> conduite d\u2019une recette s\u00e9curit\u00e9 qui valide la prise en compte des exigences s\u00e9curit\u00e9 et l\u2019efficacit\u00e9 des mesures mises en place. Elle est souvent accompagn\u00e9e d\u2019un audit de s\u00e9curit\u00e9 ou de tests d\u2019intrusion.<\/li>\n<\/ul>\n<p>Les enjeux \u00e9tant similaires, la m\u00eame m\u00e9thodologie est tout \u00e0 fait adaptable dans un contexte de Privacy By Design. Les erreurs \u00e0 \u00e9viter seront alors les m\u00eames : sous dimensionnement des \u00e9quipes en charge d\u2019accompagner les chefs de projets, complexit\u00e9 de la m\u00e9thode, absence ou r\u00e9alisation trop tardive de la recette visant \u00e0 valider la conformit\u00e9 en fin de processus, non implication des acteurs en charge de la conformit\u00e9 dans les comit\u00e9s cl\u00e9s.<\/p>\n<p>Id\u00e9alement, le Privacy By Design cherchera \u00e0 faire \u00e9voluer la m\u00e9thodologie existante d\u2019int\u00e9gration de la s\u00e9curit\u00e9 dans les projets, celle-ci \u00e9tant d\u00e9j\u00e0 rod\u00e9e et bien connue des acteurs du projet.<\/p>\n<p>La 2<sup>\u00e8me<\/sup> partie publi\u00e9e le mois prochain reviendra sur les deux autres facteurs cl\u00e9s de succ\u00e8s \u00e0 prendre en compte : concentrer l\u2019\u00e9nergie mise en \u0153uvre sur les projets les plus sensibles et outiller les chefs de projets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>La phase de seconde lecture du r\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel devrait vraisemblablement s\u2019achever d\u2019ici la fin de l\u2019ann\u00e9e 2015 par son adoption. Ce r\u00e8glement introduit plusieurs concepts majeurs dont un particuli\u00e8rement structurant qui donne&#8230;<\/p>\n","protected":false},"author":16,"featured_media":8313,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3226],"tags":[3299,412,2960,2434,78,413],"coauthors":[804,1281],"class_list":["post-8411","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance","tag-digital-privacy","tag-donnees-a-caractere-personnel","tag-eu","tag-privacy-by-design","tag-reglementation","tag-vie-privee"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1) - RiskInsight<\/title>\n<meta name=\"description\" content=\"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1) - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2015-10-19T08:00:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-02T12:47:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rapha\u00ebl Brun, Thibault Lapedagne\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rapha\u00ebl Brun, Thibault Lapedagne\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\"},\"author\":{\"name\":\"Rapha\u00ebl Brun\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\"},\"headline\":\"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1)\",\"datePublished\":\"2015-10-19T08:00:42+00:00\",\"dateModified\":\"2020-01-02T12:47:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\"},\"wordCount\":1348,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"keywords\":[\"Digital privacy\",\"DPO\",\"EU\",\"privacy by design\",\"R\u00e8glementation\",\"vie priv\u00e9e\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\",\"name\":\"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1) - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"datePublished\":\"2015-10-19T08:00:42+00:00\",\"dateModified\":\"2020-01-02T12:47:01+00:00\",\"description\":\"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378,\"caption\":\"Privacy By Design\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\",\"name\":\"Rapha\u00ebl Brun\",\"description\":\"Rapha\u00ebl BRUN is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1) - RiskInsight","description":"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/","og_locale":"en_US","og_type":"article","og_title":"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1) - RiskInsight","og_description":"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/","og_site_name":"RiskInsight","article_published_time":"2015-10-19T08:00:42+00:00","article_modified_time":"2020-01-02T12:47:01+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Rapha\u00ebl Brun, Thibault Lapedagne","twitter_misc":{"Written by":"Rapha\u00ebl Brun, Thibault Lapedagne","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/"},"author":{"name":"Rapha\u00ebl Brun","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494"},"headline":"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1)","datePublished":"2015-10-19T08:00:42+00:00","dateModified":"2020-01-02T12:47:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/"},"wordCount":1348,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","keywords":["Digital privacy","DPO","EU","privacy by design","R\u00e8glementation","vie priv\u00e9e"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/","url":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/","name":"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1) - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","datePublished":"2015-10-19T08:00:42+00:00","dateModified":"2020-01-02T12:47:01+00:00","description":"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","width":1378,"height":1378,"caption":"Privacy By Design"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Privacy by design : anticiper pour mieux prot\u00e9ger (partie 1)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494","name":"Rapha\u00ebl Brun","description":"Rapha\u00ebl BRUN is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8411","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=8411"}],"version-history":[{"count":3,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8411\/revisions"}],"predecessor-version":[{"id":8525,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8411\/revisions\/8525"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/8313"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=8411"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=8411"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=8411"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=8411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}