{"id":9911,"date":"2017-07-20T15:11:57","date_gmt":"2017-07-20T14:11:57","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=9911\/"},"modified":"2019-12-31T10:04:29","modified_gmt":"2019-12-31T09:04:29","slug":"rgpd-1an-travaux-bilan-22","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/07\/rgpd-1an-travaux-bilan-22\/","title":{"rendered":"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2)"},"content":{"rendered":"<p><em>Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le\u00a0<a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2015\/09\/nouveau-reglement-europeen-sur-la-protection-des-donnees-personnelles-anticiper-les-3-impacts-majeurs\/\">R\u00e8glement G\u00e9n\u00e9ral sur la Protection des Donn\u00e9es\u00a0<\/a>(RGPD ou GDPR). O\u00f9 en sont les grands acteurs concern\u00e9s, seront-ils conforment d\u2019ici mai 2018 ? Quels sont les chantiers les plus complexes aujourd\u2019hui ? Qu\u2019apprendre des travaux d\u00e9j\u00e0 r\u00e9alis\u00e9s ?<\/em><\/p>\n<p><em>Notre retour d\u2019exp\u00e9rience s\u2019appuie sur un \u00e9chantillon correspondant \u00e0 nos interventions aupr\u00e8s de 20 grands comptes pr\u00e9sents internationalement (Banques, Assurances, Transports, \u00c9nergie, Services, Grande distribution, etc.) et pr\u00e8s de 40 donneurs d\u2019ordre.<\/em><\/p>\n<p><em>Suite \u00e0 notre <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/07\/rgpd-1an-travaux-bilan-12\/\">premier article sur la charge n\u00e9cessaire et les principaux chantiers identifi\u00e9s<\/a>, revenons sur les budgets et\u00a0l&#8217;ann\u00e9e \u00e9coul\u00e9e.\u00a0<\/em><\/p>\n<p>&nbsp;<\/p>\n<h2>Des budgets en constante augmentation<\/h2>\n<p><strong>Le RGPD est un nouveau sujet. La protection de la vie priv\u00e9e ne l\u2019est pas.<\/strong> La Loi Informatique et Libert\u00e9s existe par exemple depuis 1978. Cet historique a dans un premier temps fait croire (\u00e0 tort) \u00e0 un bon niveau de conformit\u00e9 des organisations et limit\u00e9 la crainte d\u2019un risque important de sanctions.<\/p>\n<p>Les programmes ont donc mis du temps \u00e0 se lancer (souvent pas avant fin 2016 pour de nombreux programmes, r\u00e9ellement au premier semestre 2017 pour les autres) et avec des r\u00e9serves budg\u00e9taires faibles.\u00a0<strong>L\u2019avancement des \u00e9tats des lieux, des analyses d\u2019\u00e9carts et de la complexit\u00e9 des mesures \u00e0 mettre en oeuvre am\u00e8ne nos clients \u00e0<\/strong> <strong>augmenter r\u00e9guli\u00e8rement et tr\u00e8s fortement leurs budgets<\/strong>.<\/p>\n<p>Les programmes RGPD se chiffrent aujourd\u2019hui pour de grands groupes internationaux, dans des fourchettes allant de <strong>1 \u00e0 5 millions d\u2019euros pour les organisations manipulant un nombre raisonnable de donn\u00e9es personnelles<\/strong> et peu mobilis\u00e9 sur le big data ou le profiling ; jusqu\u2019\u00e0 des fourchettes entre <strong>20 \u00e0 50 millions d\u2019euros lorsque que l\u2019entreprise \u00e0 plusieurs m\u00e9tiers et de tr\u00e8s nombreuses entit\u00e9s\/filiales<\/strong>. Pour certains tr\u00e8s grands acteurs internationaux, les premiers engagements budg\u00e9taires ont m\u00eame \u00e9t\u00e9 de <strong>plusieurs centaines de millions d\u2019euros<\/strong>, aujourd\u2019hui en cours d\u2019optimisation et de priorisation. Autre facteur de co\u00fbt, les \u00e9volutions en profondeur de multiples applications font grimper rapidement les montants.<\/p>\n<p>Au regard des co\u00fbts importants d\u00e9ploy\u00e9s, les directions g\u00e9n\u00e9rales exigent de plus en plus des directions m\u00e9tiers et IT de d\u00e9-prioriser d\u2019autres budgets ou de s\u2019appuyer sur les programmes existants pour absorber les chantiers identifi\u00e9s.<\/p>\n<p>L\u2019impact financier particuli\u00e8rement important de tels programmes, et la charge n\u00e9cessaire pour les d\u00e9ployer, implique aujourd\u2019hui que ces programmes revoient le planning initialement envisag\u00e9 (mai 2018) afin de <strong>lisser cette charge et ces budgets dans le temps<\/strong>. <strong>Mai 2018, n\u2019est plus une \u00e9ch\u00e9ance de mise en conformit\u00e9, mais plut\u00f4t la fin de la premi\u00e8re \u00e9tape de la mise en conformit\u00e9<\/strong> : avoir r\u00e9alis\u00e9 les travaux les plus importants \u00e0 cette date, et disposer d\u2019une feuille de route claire pour la suite.<\/p>\n<p>&nbsp;<\/p>\n<h2>D\u2019ici mai 2018, comment se mettre en conformit\u00e9 efficacement\u00a0?<\/h2>\n<p>Quelques r\u00e8gles simples sont \u00e0 suivre afin de r\u00e9ussir sa mise en conformit\u00e9 :<\/p>\n<p><strong>Piloter utile<\/strong><\/p>\n<p style=\"padding-left: 30px;\">Construire une structure de pilotage au niveau du si\u00e8ge ou du groupe qui ne vise pas uniquement \u00e0 exiger et contr\u00f4ler mais plut\u00f4t \u00e0 proposer des outils op\u00e9rationnels aux entit\u00e9s pour les aider dans leur mise en conformit\u00e9 et \u00e0 produire ces outils rapidement afin de ne pas ralentir ou inhiber les initiatives locales. Par exemple : ne pas attendre fin 2017 pour proposer sa m\u00e9thode PIA.<\/p>\n<p><strong>Identifier et prioriser les traitements \u00e0 risque<\/strong><\/p>\n<p style=\"padding-left: 30px;\">Certains sont faciles \u00e0 identifier (manipulation de donn\u00e9es de sant\u00e9, gestion de la fraude\u2026) et d\u2019autres n\u00e9cessitent expertise et une certaine exp\u00e9rience du sujet (comme par exemple les fichiers RH de \u00ab jurisprudence interne \u00bb, th\u00e9oriquement anonymis\u00e9s, et en pratique uniquement d\u00e9identifi\u00e9s directement, et donc souvent facilement r\u00e9-identifiants).<\/p>\n<p><strong>Ne pas chercher \u00e0 analyser tous les traitements d\u2019ici mai 2018<\/strong><\/p>\n<p style=\"padding-left: 30px;\">\u00a0En effet, constituer un inventaire prend du temps, mais analyser les traitements qui le constituent encore plus (\u00e0 minima 4 \u00e0 5 fois plus de temps). Cette analyse, qui n\u00e9cessite une forte exp\u00e9rience et expertise en data privacy, ne peut \u00eatre men\u00e9e exhaustivement d\u2019ici mai 2018 (pour des raisons de co\u00fbts, mais \u00e9galement de manque de ressources sachantes \u00e0 m\u00eame de les mener). Il convient donc d\u2019analyser les traitements les plus \u00e0 risques dans un premier temps (20 \u00e0 30% des traitements) et de disposer d\u2019une feuille de route claire pour l\u2019analyse des suivants.<\/p>\n<p><strong>Parall\u00e9liser<\/strong><\/p>\n<p style=\"padding-left: 30px;\">Le programme ne doit pas \u00eatre un programme Top Down o\u00f9 les op\u00e9rationnels attendent des mois des outils et politiques du groupes avant de pouvoir commencer leurs travaux de conformit\u00e9s. Tous les acteurs impliqu\u00e9s (m\u00e9tiers, conformit\u00e9, IT, CISO, Legal etc.) doivent pouvoir avancer en parall\u00e8le et s\u2019alimenter les uns les autres dans une d\u00e9marche souple et agile. Les \u00e9quipes IT n\u2019ont pas exemple pas besoin d\u2019attendre que les m\u00e9tiers identifient des dur\u00e9es de r\u00e9tention et demande \u00e0 les appliquer dans les syst\u00e8mes pour identifier les solutions applicables et les outils associ\u00e9s (notamment tokenisation irr\u00e9versible).<\/p>\n<p><strong>Mutualiser tout ce qui peut l\u2019\u00eatre<\/strong><\/p>\n<p style=\"padding-left: 30px;\">En effet, rien ne sert de r\u00e9inventer la roue. Les \u00e9quipes centrales peuvent contribuer \u00e0 construire et proposer des acc\u00e9l\u00e9rateurs. Ainsi, plut\u00f4t que de demander \u00e0 toutes les entit\u00e9s de constituer leur inventaire, il est souvent pertinent de proposer un mod\u00e8le avec les 70 \u00e0 80 % de traitements communs \u00e0 l\u2019ensemble des entit\u00e9s. Le programme s\u2019en trouvera facilit\u00e9 et la charge de mise en conformit\u00e9 r\u00e9duite de fa\u00e7on importante.<\/p>\n<p><strong>Expliquer, expliquer et r\u00e9-expliquer<\/strong><\/p>\n<p style=\"padding-left: 30px;\">Le RGDP et sa d\u00e9clinaison est un sujet complexe, aux multiples ramifi cations et qui sollicitent de nombreux acteurs de l\u2019organisation qui ne connaissaient rien au sujet il y a encore quelques mois. Il faut donc faire preuve d\u2019une p\u00e9dagogie sans faille et ne pas h\u00e9siter \u00e0 accompagner au plus pr\u00e8s les \u00e9quipes en charge des chantiers afin de les aider \u00e0 comprendre les exigences et imaginer les solutions.<\/p>\n<p><strong>Faites de la conformit\u00e9 un atout pour votre relation client<\/strong><\/p>\n<p style=\"padding-left: 30px;\">Un programme RGPD est avant tout per\u00e7u comme une contrainte par les op\u00e9rationnels. Pour autant, la protection de la vie priv\u00e9e est aujourd\u2019hui un sujet majeur de pr\u00e9occupation des citoyens que ce soit les clients ou les collaborateurs (id\u00e9e que nous avons d\u00e9velopp\u00e9 dans une pr\u00e9c\u00e9dente publication sur la vie priv\u00e9e dans le num\u00e9rique avec la vision exclusive des postures de citoyens dans 6 pays :wavestone.com\/privacy). Il convient donc d\u2019int\u00e9grer le programme au coeur des initiatives autour de la DATA et des chartes associ\u00e9es. La communication autour du programme devra ainsi valoriser les travaux men\u00e9s afin d\u2019en faire un atout dans la relation clients ou collaborateurs.<\/p>\n<p>&nbsp;<\/p>\n<h2>Que retenir de cette ann\u00e9e \u00e9coul\u00e9e\u00a0?<\/h2>\n<p>Les programmes ont mis du temps \u00e0 se lancer, et la prise de conscience des impacts du r\u00e8glement, de la taille des programmes et des budgets \u00e0 d\u00e9ployer en a \u00e9t\u00e9 retard\u00e9e d\u2019autant plus.<\/p>\n<p>Pour autant, depuis le d\u00e9but de l\u2019ann\u00e9e 2017, <strong>de nombreux programmes sont maintenant dans leur phase de rem\u00e9diation et des premi\u00e8res solutions \u00e9mergent<\/strong>. Mais <strong>tous les chantiers ne pourront \u00eatre termin\u00e9s pour mai 2018<\/strong>. Les grands comptes internationaux ne seront donc pas tous \u00e0 100% conformes en mai 2018, mais les actions majeures et les risques les plus forts seront certainement couverts.<\/p>\n<p>Donc d\u00e8s \u00e0 pr\u00e9sent, en sus des efforts mis en oeuvre pour d\u00e9ployer le maximum d\u2019actions de rem\u00e9diation <strong>d\u2019ici mai 2018, nos clients s\u2019organisent pour disposer d\u2019une organisation DPO<\/strong> op\u00e9rationnelle rapidement et que celle-ci dispose des budgets ad\u00e9quats pour conduire l\u2019ensemble des actions identifi\u00e9es et <strong>mettent en place des processus p\u00e9rennes<\/strong>, <strong>garants de la conformit\u00e9 dans la dur\u00e9e<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le\u00a0R\u00e8glement G\u00e9n\u00e9ral sur la Protection des Donn\u00e9es\u00a0(RGPD ou GDPR). O\u00f9 en sont les grands&#8230;<\/p>\n","protected":false},"author":16,"featured_media":9902,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3226],"tags":[417,3299,412,2960,2846,2844,78,2842],"coauthors":[804],"class_list":["post-9911","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-compliance","tag-conformite","tag-digital-privacy","tag-donnees-a-caractere-personnel","tag-eu","tag-planning","tag-priorites","tag-reglementation","tag-rgpd"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2) - RiskInsight<\/title>\n<meta name=\"description\" content=\"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2) - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-20T14:11:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T09:04:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1489\" \/>\n\t<meta property=\"og:image:height\" content=\"1276\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rapha\u00ebl Brun\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rapha\u00ebl Brun\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/\"},\"author\":{\"name\":\"Rapha\u00ebl Brun\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\"},\"headline\":\"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2)\",\"datePublished\":\"2017-07-20T14:11:57+00:00\",\"dateModified\":\"2019-12-31T09:04:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/\"},\"wordCount\":1347,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg\",\"keywords\":[\"conformit\u00e9\",\"Digital privacy\",\"DPO\",\"EU\",\"planning\",\"priorit\u00e9s\",\"R\u00e8glementation\",\"RGPD\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/\",\"name\":\"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2) - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg\",\"datePublished\":\"2017-07-20T14:11:57+00:00\",\"dateModified\":\"2019-12-31T09:04:29+00:00\",\"description\":\"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg\",\"width\":1489,\"height\":1276,\"caption\":\"Vector illustration of online shopping with realistic computer and contour icons\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494\",\"name\":\"Rapha\u00ebl Brun\",\"description\":\"Rapha\u00ebl BRUN is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2) - RiskInsight","description":"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/","og_locale":"en_US","og_type":"article","og_title":"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2) - RiskInsight","og_description":"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).","og_url":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/","og_site_name":"RiskInsight","article_published_time":"2017-07-20T14:11:57+00:00","article_modified_time":"2019-12-31T09:04:29+00:00","og_image":[{"width":1489,"height":1276,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Rapha\u00ebl Brun","twitter_misc":{"Written by":"Rapha\u00ebl Brun","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/"},"author":{"name":"Rapha\u00ebl Brun","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494"},"headline":"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2)","datePublished":"2017-07-20T14:11:57+00:00","dateModified":"2019-12-31T09:04:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/"},"wordCount":1347,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg","keywords":["conformit\u00e9","Digital privacy","DPO","EU","planning","priorit\u00e9s","R\u00e8glementation","RGPD"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/","url":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/","name":"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2) - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg","datePublished":"2017-07-20T14:11:57+00:00","dateModified":"2019-12-31T09:04:29+00:00","description":"Avril 2016, mai 2018, 2 ans pour se mettre en conformit\u00e9, et il ne reste d\u00e9j\u00e0 plus que 11 mois pour mener les travaux exig\u00e9s par le RGPD (ou GDPR).","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/07\/Fotolia_76746871_Subscription_Monthly_M.jpg","width":1489,"height":1276,"caption":"Vector illustration of online shopping with realistic computer and contour icons"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/07\/rgpd-1an-travaux-bilan-22\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"RGPD, 1 an de travaux, quel bilan en tirer ? (2\/2)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/45dd574ed29861f917c3763e0fbcb494","name":"Rapha\u00ebl Brun","description":"Rapha\u00ebl BRUN is a Senior Manager at Wavestone within the Cybersecurity and Digital Trust practice. He graduated from the University of Technology of Troyes in France in 2008. He has expertise in crisis management, business continuity management and cybersecurity governance, developed over 10 years of experience. Raphael is also a seasoned speaker about data privacy: he addresses this topic on a regular basis on Insurance Speaker or Risk Insight.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/raphael-brun\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9911","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=9911"}],"version-history":[{"count":4,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9911\/revisions"}],"predecessor-version":[{"id":9916,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9911\/revisions\/9916"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/9902"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=9911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=9911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=9911"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=9911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}