{"id":8523,"date":"2015-11-16T10:47:21","date_gmt":"2015-11-16T09:47:21","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=8523"},"modified":"2020-01-02T13:46:44","modified_gmt":"2020-01-02T12:46:44","slug":"privacy-by-design-anticiper-pour-mieux-proteger-22","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/","title":{"rendered":"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2)"},"content":{"rendered":"<p><em><a href=\"http:\/\/www.solucominsight.fr\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\">Dans notre pr\u00e9c\u00e9dent article,<\/a> nous revenions sur l&#8217;adoption d&#8217;ici la fin de l&#8217;ann\u00e9e du r\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re. Pour rappel, ce r\u00e8glement introduit plusieurs concepts majeurs dont un particuli\u00e8rement structurant qui donne obligation d\u2019assurer la \u00ab protection des donn\u00e9es d\u00e8s la conception \u00bb qui se r\u00e9sume par un terme consacr\u00e9, le \u00abPrivacy By Design\u00bb.<\/em><\/p>\n<p>Le <em>Privacy By Design <\/em>permet de <strong>minimiser les efforts fournis pour se conformer \u00e0 la<\/strong> <strong>Loi en \u00e9vitant la mise en conformit\u00e9 <em>a posteriori <\/em><\/strong>qui demande souvent le d\u00e9ploiement de projets d\u2019adaptation de l\u2019existant difficiles organisationnellement, technologiquement complexes et financi\u00e8rement co\u00fbteux. Nos retours d\u2019exp\u00e9rience montrent que plusieurs facteurs cl\u00e9s de succ\u00e8s sont \u00e0 prendre en compte : s\u2019armer de pragmatisme dans la d\u00e9finition de Privacy Impact Assessment, ne pas concevoir un processus d\u00e9corr\u00e9l\u00e9 de l\u2019existant, concentrer l\u2019\u00e9nergie mise en \u0153uvre sur les projets les plus sensibles et outiller les chefs de projets.<\/p>\n<p><strong>Dans le premier volet, nous sommes revenus sur les deux premiers facteurs cl\u00e9s de succ\u00e8s \u00e0 prendre en compte qui sont :<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.solucominsight.fr\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\">Concevoir une m\u00e9thodologie de Privacy Impact Assessment pragmatique<\/a><\/li>\n<li><a href=\"http:\/\/www.solucominsight.fr\/2015\/10\/privacy-by-design-anticiper-pour-mieux-proteger-partie-1\/\">S\u2019int\u00e9grer dans la m\u00e9thodologie Projet existante<\/a><\/li>\n<\/ul>\n<p>Nous reviendrons ici sur les deux derniers facteurs essentiels \u00e0 prendre en compte.<\/p>\n<h2>Identifier les projets sensibles pour prioriser les efforts d&#8217;accompagnement<\/h2>\n<p>Dans la majorit\u00e9 des organisations, le volume de projets est trop important pour que les \u00e9quipes en charge de la conformit\u00e9 aient la capacit\u00e9 d\u2019accompagner chacun d\u2019eux et en particulier de r\u00e9aliser une analyse de risques m\u00eame simplifi\u00e9e. Il est donc n\u00e9cessaire d\u2019adapter l\u2019approche syst\u00e9matique de PIA en identifiant le plus en amont possible les projets qui pr\u00e9sentent une sensibilit\u00e9 accrue afin de prioriser les efforts d\u2019accompagnement.<\/p>\n<p>Les chefs de projets, souvent peu familiers de la Loi Informatique et Libert\u00e9s, peuvent se retrouver en difficult\u00e9s lorsqu\u2019il s\u2019agit d\u2019exprimer la sensibilit\u00e9 de leur projet au sens de la Loi. Il est donc n\u00e9cessaire de les accompagner dans cette \u00e9tape en leur fournissant une liste de questions simples et compr\u00e9hensibles par les non-initi\u00e9s.<\/p>\n<p>Dans la pratique, plusieurs facteurs peuvent rendre un projet sensible. Par exemple, la manipulation de donn\u00e9es sensibles au sens de la loi la mise en \u0153uvre de transferts hors UE. D\u2019autres facteurs, moins directement li\u00e9s \u00e0 la loi peuvent \u00e9galement \u00eatre identifi\u00e9\u00a0: utilisation de nouvelles technologies (Big data par exemple) ou existence de donn\u00e9es sensibles dans le contexte de l\u2019organisation (ex : identit\u00e9 des collaborateurs intervenant \u00e0 proximit\u00e9 de produits canc\u00e9rig\u00e8nes).<\/p>\n<p>Il conviendra donc d\u2019identifier la liste des crit\u00e8res rendant un projet sensible en fonction du contexte sp\u00e9cifique de l\u2019organisation et des risques qui p\u00e8sent sur elle.<\/p>\n<p>Rendre autonome le chef de projet dans la conduite de cette \u00e9tape permet de s\u2019assurer que tous les projets feront l\u2019objet d\u2019une appr\u00e9ciation de leur sensibilit\u00e9 vis-\u00e0-vis de la Loi Informatique et Libert\u00e9s. Enfin, en associant les \u00e9quipes conformit\u00e9s aux comit\u00e9s charg\u00e9s du suivi des projets en phase d\u2019\u00e9tude pr\u00e9alable, l\u2019analyse des chefs de projets peut \u00eatre challeng\u00e9e avant validation.<\/p>\n<p>Il conviendra alors d\u2019adapter l\u2019investissement de l\u2019\u00e9quipe conformit\u00e9 \u00e0 la sensibilit\u00e9 des projets. D\u2019un suivi distant pour les projets les moins sensibles (alimentation en guides de mise en conformit\u00e9, r\u00e9ponses \u00e0 des demandes d\u2019expertise) \u00e0 un suivi rapproch\u00e9 pour les projets les plus sensibles (groupes de travail sp\u00e9cifiques sur le sujet du Privacy, analyse de risques d\u00e9taill\u00e9e, v\u00e9rification des livrables exprimant les exigences de conformit\u00e9, pilotage de la recette conformit\u00e9, etc.). Dans tous les cas, l\u2019\u00e9quipe devra maintenir une liste des projets, des \u00e9valuations de criticit\u00e9 et s\u2019assurer d\u2019\u00eatre pr\u00e9sente dans les bonnes instances pour avoir acc\u00e8s \u00e0 l\u2019actualit\u00e9 des projets (cr\u00e9ation, arr\u00eat\u2026), voire disposer d\u2019un acc\u00e8s direct au portfolio projet qui existe dans les organisations les plus avanc\u00e9es.<\/p>\n<h2>Outiller les chefs de projet<\/h2>\n<p>Tous les projets ne pouvant \u00eatre accompagn\u00e9s de fa\u00e7on rapproch\u00e9e par l\u2019\u00e9quipe conformit\u00e9, les chefs de projets devant traiter la mise en conformit\u00e9 en autonomie devront disposer d\u2019outils pour les aider, g\u00e9n\u00e9ralement un guide de mise en conformit\u00e9 \u00e0 la loi Informatique et Libert\u00e9s. Ce guide ne doit pas ressembler \u00e0 un document juridique mais bien plus \u00e0 une traduction concr\u00e8te, explicite et intelligible de la loi pour un non initi\u00e9 et doit permettre d\u2019accompagner le chef de projet dans le choix des meilleures mesures pour s\u2019y conformer, qu\u2019elles soient organisationnelles ou techniques.<\/p>\n<p>L\u2019un des sujets qui n\u00e9cessite une attention particuli\u00e8re est par exemple le transfert de donn\u00e9es \u00e0 des tiers ou hors de l\u2019UE. Le transfert de donn\u00e9es &#8211; qui peut d\u00e9signer aussi bien le simple transit d\u2019un flux par un \u00e9quipement r\u00e9seau, l\u2019h\u00e9bergement dans le Cloud de la messagerie ou la consultation de donn\u00e9es sur un site web &#8211; sera explicit\u00e9 afin que chef de projet puisse identifier par lui-m\u00eame les transferts de donn\u00e9es r\u00e9alis\u00e9s dans le cadre de son projet. Il pourra alors par exemple s\u2019appuyer sur les mod\u00e8les de clauses propos\u00e9es dans le guide pour les int\u00e9grer dans ses contrats avec des tiers ou utiliser une liste des filiales ayant sign\u00e9es les Binding Corporate Rules pour s\u2019assurer que son transfert \u00e0 l\u2019international est autoris\u00e9.<\/p>\n<p>Ce guide de mise en conformit\u00e9 pourra \u00eatre associ\u00e9 \u00e0 un cahier de recette type, permettant de contr\u00f4ler le bon respect des principes juridiques fondamentaux. Une liste de questions restreintes (autour d\u2019une dizaine g\u00e9n\u00e9ralement) aidera le chef de projet \u00e0 contr\u00f4ler les points majeurs et ainsi valider la conformit\u00e9 globale du projet \u00e0 la Loi Informatique et Libert\u00e9s : les mentions d\u2019information sont-elles bien ajout\u00e9es ? Les cases de champs libres disposent-elles d\u2019un disclaimer sur leur bonne utilisation\u00a0? Les contrats contiennent-ils des clauses LIL ? La dur\u00e9e de conservation des donn\u00e9es a-t-elle \u00e9t\u00e9 d\u00e9finie et leurs modalit\u00e9s de suppression \u00e9tudi\u00e9es ?<\/p>\n<p>\u00c0 moyen terme, l\u2019outillage pourra aller un cran au-del\u00e0 en proposant aux chefs de projet des solutions techniques pour faciliter la mise en conformit\u00e9. Des plateformes mutualis\u00e9es de chiffrement ou d\u2019anonymisation de donn\u00e9es ou encore des processus de collecte de donn\u00e9es conformes pourront \u00eatre construits. Les investissements d\u00e9j\u00e0 r\u00e9alis\u00e9s dans la fili\u00e8re s\u00e9curit\u00e9 de l\u2019information pourront \u00eatre largement exploit\u00e9s.<\/p>\n<h2>Un processus \u00e0 concevoir et des \u00e9quipes pour le d\u00e9ployer<\/h2>\n<p>Le Privacy By Design, future obligation r\u00e9glementaire, constitue d\u00e8s \u00e0 pr\u00e9sent un moyen de s\u2019assurer de la conformit\u00e9 des nouveaux projets.<\/p>\n<p>Le CIL et ses \u00e9quipes devront s\u2019armer d\u2019une bonne dose de pragmatisme pour adapter les processus existants en les alimentant de leurs exigences essentielles tout en identifiant les projets les plus sensibles afin d\u2019y apporter une vigilance accrue.<\/p>\n<p>Mais au-del\u00e0 du processus en lui-m\u00eame, le CIL ou futur DPO devra se poser au plus t\u00f4t la question de ses besoins en ressources pour suivre ces projets : combien de personnes sont \u00e0 mobiliser pour accompagner sereinement les chefs de projets ? Quelles sont les comp\u00e9tences attendues de ces \u00e9quipes (expertise juridique, connaissances m\u00e9tiers, capacit\u00e9 \u00e0 interagir avec les \u00e9quipes IT et SSI, comp\u00e9tences de chef de projets,\u00a0 \u2026) ? Quelle mutualisation possible avec les fili\u00e8res existantes (RSSI, Conformit\u00e9, RPCA, etc.) ?<\/p>\n<p>Autant de questions auxquelles il conviendra de r\u00e9pondre afin d\u2019assurer au Privacy By Design un d\u00e9ploiement r\u00e9ussi, \u00e9l\u00e9ment cl\u00e9 pour que cette contrainte devienne une opportunit\u00e9 !<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dans notre pr\u00e9c\u00e9dent article, nous revenions sur l&#8217;adoption d&#8217;ici la fin de l&#8217;ann\u00e9e du r\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re. Pour rappel, ce r\u00e8glement introduit plusieurs concepts majeurs dont un particuli\u00e8rement structurant qui donne obligation d\u2019assurer la&#8230;<\/p>\n","protected":false},"author":16,"featured_media":8313,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3226],"tags":[3299,412,2960,2434,78,413],"coauthors":[804,1281],"class_list":["post-8523","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance","tag-digital-privacy","tag-donnees-a-caractere-personnel","tag-eu","tag-privacy-by-design","tag-reglementation","tag-vie-privee"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2) - RiskInsight<\/title>\n<meta name=\"description\" content=\"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2) - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2015-11-16T09:47:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-02T12:46:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rapha\u00ebl Brun, Thibault Lapedagne\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rapha\u00ebl Brun, Thibault Lapedagne\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/\"},\"author\":{\"name\":\"Rapha\u00ebl Brun\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\"},\"headline\":\"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2)\",\"datePublished\":\"2015-11-16T09:47:21+00:00\",\"dateModified\":\"2020-01-02T12:46:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/\"},\"wordCount\":1320,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"keywords\":[\"Digital privacy\",\"DPO\",\"EU\",\"privacy by design\",\"R\u00e8glementation\",\"vie priv\u00e9e\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/\",\"name\":\"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2) - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"datePublished\":\"2015-11-16T09:47:21+00:00\",\"dateModified\":\"2020-01-02T12:46:44+00:00\",\"description\":\"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378,\"caption\":\"Privacy By Design\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\",\"name\":\"Rapha\u00ebl Brun\",\"description\":\"Rapha\u00ebl BRUN is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2) - RiskInsight","description":"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/","og_locale":"en_US","og_type":"article","og_title":"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2) - RiskInsight","og_description":"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/","og_site_name":"RiskInsight","article_published_time":"2015-11-16T09:47:21+00:00","article_modified_time":"2020-01-02T12:46:44+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Rapha\u00ebl Brun, Thibault Lapedagne","twitter_misc":{"Written by":"Rapha\u00ebl Brun, Thibault Lapedagne","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/"},"author":{"name":"Rapha\u00ebl Brun","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494"},"headline":"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2)","datePublished":"2015-11-16T09:47:21+00:00","dateModified":"2020-01-02T12:46:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/"},"wordCount":1320,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","keywords":["Digital privacy","DPO","EU","privacy by design","R\u00e8glementation","vie priv\u00e9e"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/","url":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/","name":"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2) - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","datePublished":"2015-11-16T09:47:21+00:00","dateModified":"2020-01-02T12:46:44+00:00","description":"R\u00e8glement Europ\u00e9en sur la protection des donn\u00e9es \u00e0 Caract\u00e8re personnel : zoom sur le concept de \u00abPrivacy By Design\u00bb.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/09\/Fotolia_72277692_Subscription_Monthly_M.jpg","width":1378,"height":1378,"caption":"Privacy By Design"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/privacy-by-design-anticiper-pour-mieux-proteger-22\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Privacy by design : anticiper pour mieux prot\u00e9ger (2\/2)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494","name":"Rapha\u00ebl Brun","description":"Rapha\u00ebl BRUN is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=8523"}],"version-history":[{"count":3,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8523\/revisions"}],"predecessor-version":[{"id":8527,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8523\/revisions\/8527"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/8313"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=8523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=8523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=8523"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=8523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}