What is the RGPD?

As information systems grow in importance, regulation plays an increasingly large role in how they are governed.

This is particularly true of the European Data Protection Regulation (GDPR, or RGPD in French). Published in May 2016, the regulation will come into force in May 2018 and introduces significant changes in terms of compliance requirements and the consequences of non-compliance. The challenge for the organisations concerned is therefore to put in place the processes needed to comply with the text by 2018.

Technically, the text sets out a large number of requirements designed to ensure the security of the personal data of the "data subject". An examination of these requirements shows that many of them are structural in nature. It also shows that they can be shared with the management practices dedicated to securing the organisation's processes. This is the case, for example, with the impact analysis cited by the regulation, which should be aligned and shared with the information systems security risk analysis.

Finally, another point to bear in mind with regard to the regulation is the need to involve a very wide range of stakeholders, going well beyond information systems security alone.

To meet this need for compliance at the best overall cost, an approach needs to be put in place to identify all the possible synergies between regulatory compliance and IS risk management. In particular, this approach makes it possible to enhance existing practices and develop new processes that can be shared for both purposes.

Economic aspects:

While compliance with the RGPD is essential, it is also a cost centre, both in terms of achieving compliance and maintaining it.

For a compliance project to be beneficial to the company, it is essential to control these costs. This control is based on:

  • processes adapted to the organisation
  • the systematic search for synergies

The aim, when drawing up the development plan and then implementing the action plan, is to design an organisation and processes that are relevant and realistic in the context, at the time of the project and over the coming years.

Author: Thierry CHIOFALO

Find out more about Thierry CHIOFALO's lecture on the same subject here: https://www.youtube.com/watch?v=ku3p7w1Qu0Y
