{"id":9897,"date":"2017-07-19T17:58:13","date_gmt":"2017-07-19T16:58:13","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=9897\/"},"modified":"2019-12-31T10:04:41","modified_gmt":"2019-12-31T09:04:41","slug":"rgpd-1an-travaux-bilan-12","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/07\/rgpd-1an-travaux-bilan-12\/","title":{"rendered":"GDPR: 1 year of work, what lessons can be drawn? (1\/2)"},"content":{"rendered":"<p><em>April 2016, May 2018: 2 years to reach compliance, and already only 11 months remain to carry out the work required by the <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2015\/09\/nouveau-reglement-europeen-sur-la-protection-des-donnees-personnelles-anticiper-les-3-impacts-majeurs\/\">General Data Protection Regulation <\/a>(GDPR, or RGPD in French). Where do the major organizations concerned stand, and will they be compliant by May 2018? Which workstreams are the most complex today? What can be learned from the work already done?<\/em><\/p>\n<p><em>Our feedback is based on a sample drawn from our engagements with 20 large accounts operating internationally (banking, insurance, transport, energy, services, retail, etc.) and nearly 40 client sponsors.<\/em><\/p>\n<p><em>Let us first look at the workload required, the main workstreams and the sticking points of GDPR compliance.<\/em><\/p>\n<p>&nbsp;<\/p>\n<h2>Large programs that mobilize every department of the company<\/h2>\n<p>GDPR compliance programs involve a very wide range of people within companies, from <strong>a few dozen to a few hundred stakeholders<\/strong> each time. 
The consolidated workload ranges from 3 to 4 FTE (full-time equivalents) for the smallest and most compliant environments to several dozen FTE for the most complex environments and those furthest from the target.<\/p>\n<p>This workload is generally distributed as follows:<\/p>\n<figure id=\"post-9898 media-9898\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9898 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-1.png\" alt=\"\" width=\"648\" height=\"443\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-1.png 648w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-1-279x191.png 279w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-1-57x39.png 57w\" sizes=\"auto, (max-width: 648px) 100vw, 648px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<ul>\n<li>15% for the team in charge of program steering, coordination and communication\/training<\/li>\n<li>15% for the DPO, risk or compliance teams to formalize policies, directives and processes, define the target organization, and ensure the compliance of the solutions deployed by business and IT teams<\/li>\n<li>5% for legal expertise to interpret the text, propose compliant clauses and legal notices, and arbitrate on legal points identified during the project (in particular the proposed retention periods)<\/li>\n<li>25% for business owners to map their processes, bring them into compliance and change how they operate with their customers and partners<\/li>\n<li>40% for IT and Digital teams (including the 
cybersecurity function) to upgrade existing IT systems, integrate GDPR requirements into ongoing developments and propose service offerings for compliance IT solutions (in particular anonymization, exercise of rights and portability)<\/li>\n<\/ul>\n<p>Contrary to some preconceived ideas, the <strong>workload for legal teams and for the CISO remains limited relative to the overall workload<\/strong>.<\/p>\n<p>Indeed, the analysis of the regulation that occupied the first weeks of the programs is now generally finished or nearly so, and has been replaced by more operational workstreams where the legal dimension is smaller.<\/p>\n<p>As for the cybersecurity workstreams, they often turn out not to be carried directly by the GDPR programs but rather by existing cybersecurity programs. IT costs are therefore more often tied to issues of exercise of rights, data deletion, portability, system monitoring, access rights review or bringing the access-management process under control for certain parts of the information system, etc.<\/p>\n<p>This <strong>distribution should remain stable over time and during the project implementation phases<\/strong>. 
In particular, the teams around the DPO will focus more and more on a role of control and project support.<\/p>\n<p>&nbsp;<\/p>\n<h2>10 GDPR workstreams that concentrate the investment\u2026<\/h2>\n<p>GDPR compliance work can today be summarized as 10 major workstreams:<\/p>\n<ol>\n<li>The exercise of rights (access, deletion, portability\u2026) and the ability to find and delete all data associated with a person within the organization (20% of costs, mostly IT). This is the main cost item because it includes the changes to be made to the applications of the information system.<\/li>\n<li>Support for ongoing IT projects in Privacy by Design (15%, mostly IT and business)<\/li>\n<li>Governing transfers (to third parties or outside the EU) (10%, mostly business and legal)<\/li>\n<li>Implementing the information of individuals and consent management (10%, mostly business and IT)<\/li>\n<li>Defining compliance policies, directives, methodologies and tools, and setting up an organization around the DPO (10%, mostly DPO)<\/li>\n<li>Implementing compliance controls and audits (5%, mostly DPO)<\/li>\n<li>Building a register of data processing activities and defining the compliance rules associated with each processing activity (5%, mostly business)<\/li>\n<li>Improving existing security measures (5%, because existing cybersecurity budgets make it possible to meet the requirements; mostly IT)<\/li>\n<li>Training and awareness for all stakeholders concerned by the subject 
(5%, mostly business)<\/li>\n<li>Program steering (15%)<\/li>\n<\/ol>\n<figure id=\"post-9900 media-9900\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9900 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-2.png\" alt=\"\" width=\"844\" height=\"404\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-2.png 844w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-2-399x191.png 399w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-2-768x368.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/image-2-71x34.png 71w\" sizes=\"auto, (max-width: 844px) 100vw, 844px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<h2>\u2026And 5 sticking points to address as a priority<\/h2>\n<p>Once programs have been scoped and the first gap-analysis results produced, the difficult topics emerge. We observe that whatever the context, the business sector, the nature of the data handled or the existing level of compliance, these 5 sticking points come up at the majority of our clients:<\/p>\n<p><strong>1. Applying retention periods and the right to be forgotten within existing IT systems.<\/strong><br \/>\nThe situation is often complex because of historical choices: personal data used as a unique identifier in database systems, mandatory technical fields that are not essential from a business standpoint\u2026 This topic can require a significant investment on legacy applications (generally \u20ac40k to \u20ac200k per application). 
The deletion requirement is sometimes almost impossible to implement given the uncontrolled impacts on the information system, and the full set of data concerned is often difficult to identify. This problem can be handled by replacing the data with another value, or even by tokenization.<\/p>\n<p><strong>2. Bringing existing contracts into compliance: volumes of thousands or even tens of thousands of contracts are encountered in the field. <\/strong><br \/>\nThis is a collection, inventory and adaptation effort that can become very large depending on how decentralized contract management is. The approach is then to apply simple and effective solutions, concentrating on integrating GDPR clauses into future contracts. And for existing ones? Communicate your requirements (legal information notices, for example) to suppliers, asking them to apply a legal requirement rather than on the basis of a contractual commitment to be renegotiated.<\/p>\n<p><strong>3. Implementing a project support methodology (Privacy by Design) and privacy risk analysis tools (PIA) that project managers can use on their own and that are realistic in terms of workload and constraints<\/strong>.<br \/>\nEven though some organizations had already implemented processes for integrating security into projects, these processes need to be reworked and the stakeholders concerned trained. What are the good practices? 
Build methods that aim for simplicity and pragmatism rather than exhaustiveness, and do not try to run the methodologies on every project: set up an initial triage to focus attention on the most sensitive ones.<\/p>\n<p><strong>4. Identifying resources who are experts on the subject and able to contribute to the workstreams.<\/strong><br \/>\nThese are extremely rare and hard to find today, whether internally or at service companies, consulting firms or law firms. Tasks should therefore be distributed carefully, without trying to place experts on every dimension of the program and in every position. Program directors can for example come from the IT department, contract lawyers can be trained quickly on privacy issues, and internal control teams can help with changes to the related processes. In addition, in environments heavily affected by customer regulations, initiatives should be integrated or shared in order to pool the work and deliverables produced as much as possible. Given the stakes and the scale of the programs, rigorous and realistic steering is a prerequisite.<\/p>\n<p><strong>5. The organization of the DPO team, and the particular profiles required, best able to provide legal expertise, program steering (which will go well beyond May 2018), project support and control of processing activities. 
<\/strong><br \/>\nDepending on the context, the DPO position attracts both interest within existing compliance or CIL functions and apprehension from profiles who do not wish to take on this role, sometimes seen as a source of constraints and rarely relaying positive messages. Program steering can therefore be entrusted temporarily to a specific team, independent of the future DPO organization.<\/p>\n<p>&nbsp;<\/p>\n<p>GDPR compliance workstreams therefore involve a <strong>wide range of stakeholders<\/strong> within companies. This is all the more necessary in order to prioritize the workstreams and address the sticking points while meeting deadlines and budget constraints. These topics will be covered in a <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/07\/rgpd-1an-travaux-bilan-22\/\">second article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>April 2016, May 2018: 2 years to reach compliance, and already only 11 months remain to carry out the work required by the General Data Protection Regulation (GDPR, or RGPD in French). 
Where do&#8230;<\/p>\n","protected":false},"author":16,"featured_media":9904,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3226],"tags":[417,3299,412,2960,2844,78,2842],"coauthors":[804],"class_list":["post-9897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance","tag-conformite","tag-digital-privacy","tag-donnees-a-caractere-personnel","tag-eu","tag-priorites","tag-reglementation","tag-rgpd"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>RGPD, 1 an de travaux, quel bilan en tirer ? (1\/2) - RiskInsight<\/title>\n<meta name=\"description\" content=\"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RGPD, 1 an de travaux, quel bilan en tirer ? 
(1\/2) - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-19T16:58:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T09:04:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"3873\" \/>\n\t<meta property=\"og:image:height\" content=\"3873\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rapha\u00ebl Brun\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rapha\u00ebl Brun\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/\"},\"author\":{\"name\":\"Rapha\u00ebl Brun\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\"},\"headline\":\"RGPD, 1 an de travaux, quel bilan en tirer ? 
(1\/2)\",\"datePublished\":\"2017-07-19T16:58:13+00:00\",\"dateModified\":\"2019-12-31T09:04:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/\"},\"wordCount\":1602,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"keywords\":[\"conformit\u00e9\",\"Digital privacy\",\"DPO\",\"EU\",\"priorit\u00e9s\",\"R\u00e8glementation\",\"RGPD\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/\",\"name\":\"RGPD, 1 an de travaux, quel bilan en tirer ? 
(1\/2) - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"datePublished\":\"2017-07-19T16:58:13+00:00\",\"dateModified\":\"2019-12-31T09:04:41+00:00\",\"description\":\"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg\",\"width\":3873,\"height\":3873,\"caption\":\"flat design for team work concept over 
yellow\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"RGPD, 1 an de travaux, quel bilan en tirer ? (1\/2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\",\"name\":\"Rapha\u00ebl Brun\",\"description\":\"Rapha\u00ebl BRUN 
is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"RGPD, 1 an de travaux, quel bilan en tirer ? (1\/2) - RiskInsight","description":"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/","og_locale":"en_US","og_type":"article","og_title":"RGPD, 1 an de travaux, quel bilan en tirer ? (1\/2) - RiskInsight","og_description":"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).","og_url":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/","og_site_name":"RiskInsight","article_published_time":"2017-07-19T16:58:13+00:00","article_modified_time":"2019-12-31T09:04:41+00:00","og_image":[{"width":3873,"height":3873,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","type":"image\/jpeg"}],"author":"Rapha\u00ebl Brun","twitter_misc":{"Written by":"Rapha\u00ebl Brun","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/"},"author":{"name":"Rapha\u00ebl Brun","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494"},"headline":"RGPD, 1 an de travaux, quel bilan en tirer ? (1\/2)","datePublished":"2017-07-19T16:58:13+00:00","dateModified":"2019-12-31T09:04:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/"},"wordCount":1602,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","keywords":["conformit\u00e9","Digital privacy","DPO","EU","priorit\u00e9s","R\u00e8glementation","RGPD"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/","url":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/","name":"RGPD, 1 an de travaux, quel bilan en tirer ? 
(1\/2) - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","datePublished":"2017-07-19T16:58:13+00:00","dateModified":"2019-12-31T09:04:41+00:00","description":"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_69576340_Subscription_Monthly_XXL-flat-design-for-team-work-concept\u00a9-kchungtw.jpg","width":3873,"height":3873,"caption":"flat design for team work concept over yellow"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-12\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"RGPD, 1 an de travaux, quel bilan en tirer ? 
(1\/2)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494","name":"Rapha\u00ebl Brun","description":"Rapha\u00ebl BRUN is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. 
Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=9897"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9897\/revisions"}],"predecessor-version":[{"id":9929,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9897\/revisions\/9929"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/9904"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=9897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=9897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=9897"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=9897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}