{"id":3544,"date":"2020-01-14T14:03:40","date_gmt":"2020-01-14T13:03:40","guid":{"rendered":"http:\/\/mouillere.com\/universconvergents\/?p=3544"},"modified":"2020-01-14T14:03:40","modified_gmt":"2020-01-14T13:03:40","slug":"rgpd-laccountability-concretement-cest-quoi","status":"publish","type":"post","link":"https:\/\/mouillere.com\/universconvergents\/2020\/01\/14\/rgpd-laccountability-concretement-cest-quoi\/","title":{"rendered":"GDPR: what does accountability mean in practice?"},"content":{"rendered":"<p><a href=\"https:\/\/www.village-justice.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Village de la Justice<\/a> has published an article listing the documents that should make up the compliance file under the accountability principle of Article 5 of the GDPR, which requires companies to implement internal mechanisms and procedures that allow them to demonstrate, at any time, compliance with data protection rules.<\/p>\n<p><!--more--><\/p>\n<p>The Data Privacy Officer (DPO) must be able to produce documentation demonstrating that the organisation has adopted appropriate security and organisational measures and complies with the main protection principles enshrined in the GDPR:<\/p>\n<ul>\n<li>Lawfulness of processing (legitimate interest, legal obligation, contract, etc.);<\/li>\n<li>Fairness and transparency (access, rectification, erasure, portability, 
etc.);<\/li>\n<li>Purposes and data minimisation (data collected is adequate, relevant and limited to the purposes);<\/li>\n<li>Retention period strictly limited to the purposes;<\/li>\n<li>Integrity and confidentiality (security).<\/li>\n<\/ul>\n<p>In practice, the DPO must hold documents that formalise the appropriate measures:<\/p>\n<ul>\n<li>Code of ethics covering the fundamental principles applied by the organisation;<\/li>\n<li>Documentation on the appointment of the DPO and of the local DPO contacts;<\/li>\n<li>Mapping of processing activities and data flow diagrams;<\/li>\n<li>Record of processing activities;<\/li>\n<li>A sheet for each processing activity;<\/li>\n<li>Procedure for handling access rights requests (erasure, objection, portability, etc.);<\/li>\n<li>Internal (employees) and external (customers, suppliers, cookies) privacy policy;<\/li>\n<li>Arrangements for managing proof of consent collection (traceability);<\/li>\n<li>Information Systems Security Policy (PSSI);<\/li>\n<li>Data retention, archiving and deletion procedure;<\/li>\n<li>Procedure for managing and notifying data breaches;<\/li>\n<li>Procedure for impact assessments;<\/li>\n<li>Data anonymisation and pseudonymisation procedure;<\/li>\n<li>Codes of conduct by business function on the conditions for processing personal data (IT, HR, Marketing, R&amp;D);<\/li>\n<li>IT charter;<\/li>\n<li>Internal regulations;<\/li>\n<li>Employee training;<\/li>\n<li>ISO certification;<\/li>\n<li>Ethics policy for selecting suppliers and subcontractors;<\/li>\n<li>Exhaustive list of subcontractors, their location, 
scope of activity and contracts (GDPR addendum);<\/li>\n<li>Procedure for transferring personal data outside the EU;<\/li>\n<li>Intra-group agreement (BCR);<\/li>\n<li>Internal and subcontractor audit policy;<\/li>\n<li>CNIL declarations of conformity, authorisation requests, requests for opinions.<\/li>\n<\/ul>\n<p>Some law firms and service providers offer tools for managing the compliance file.<\/p>\n<p>&nbsp;<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"1110\" height=\"625\" src=\"https:\/\/www.youtube.com\/embed\/KTXH6vDA7-o?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=fr-FR&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.village-justice.com\/articles\/accountability-rgpd-liste-des-documents-contenus-dans-dossier-conformite,33433.html\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.village-justice.com\/articles\/accountability-rgpd-liste-des-documents-contenus-dans-dossier-conformite,33433.html<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Village de la Justice has published an article listing the documents that should make up the compliance file under the accountability principle of Article 5 of the GDPR, which requires companies&hellip; 
<\/p>\n","protected":false},"author":1,"featured_media":3545,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[16],"tags":[48,69,65],"class_list":["post-3544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-donnees-personnelles","tag-cnil","tag-dpo","tag-rgpd"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/mouillere.com\/universconvergents\/wp-content\/uploads\/2020\/01\/accountability.png?fit=670%2C395&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6jw1p-Va","_links":{"self":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts\/3544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/comments?post=3544"}],"version-history":[{"count":3,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts\/3544\/revisions"}],"predecessor-version":[{"id":3548,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts\/3544\/revisions\/3548"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/media\/3545"}],"wp:attachment":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/media?parent=3544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/categories?post=3544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/tags?post=3544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}