RGPD compliance can be approached according to three degrees of maturity:<\/p>\n
- \n
- setting up the basic system,<\/li>\n
- data security,<\/li>\n
- the audit and control system for the processes implemented.<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2020\/01\/Etapes-RGPD-300x191.png\")
<\/p>\nTo date, although the majority of data processing systems have been deployed, the basic system (data processing register, appointment of a DPO, employee awareness-raising, collection of consents, etc.) is not sufficient to guarantee adequate coverage against malicious acts such as data theft or misappropriation.<\/p>\n
This is why the regulator is asking organizations to fulfill the requirements leading to maturity level 2, in order to comply in particular with Articles 5 and 25 of the RGPD regulation, namely the implementation of a data security\/protection system.<\/p>\n
At the same time, in addition to the increasing frequency of fines for non-compliance imposed by the regulator, the Desjardins episode has raised concerns among financial organizations and highlighted the importance of a robust data security policy.<\/p>\n
Companies are therefore taking the subject seriously. Nevertheless, it turns out that bringing regulatory and safety issues under control is complex on several levels. <\/p>\n
First of all, securing data is not just a regulatory issue handled by the DPO, it can also be addressed within other support functions such as IS Security or the Data Department. As a result, there remains a lack of clarity regarding the governance of RGPD projects, as well as the roles and responsibilities of stakeholders. <\/p>\n
Secondly, the technical complexity stems from the diffuse nature of personal data in IS and the difficulty of keeping authorization management models up to date.<\/p>\n
The final difficulty concerns the business units’ acceptance of this regulatory issue, which they may perceive as a hindrance that complicates their day-to-day activities (modeling, data targeting, etc.).<\/p>\n
<\/p>\n
How can you guard against the risk of RGPD non-compliance? <\/strong><\/h4>\n
In this context, organizations need to define the right approach and make coherent trade-offs between the level of risk coverage and the ease of implementation of data security solutions.<\/p>\n
<\/p>\n
The risk-based approach<\/strong><\/h5>\n
Victor Saint-Cricq, Partner at Palmer Consulting, makes the following recommendation: “Organizations need to adopt a risk-based approach, prioritizing the processing of personal data according to their level of exposure and identification. At the same time, it is essential to propose different security solutions according to the data cycle (entry into relationship, end of relationship, end of retention), taking into account business and governmental uses”. This pragmatic approach would provide an initial security foundation that meets the regulator’s requirements and protects against data leakage. <\/p>\n
Although companies have been aware of regulatory and security issues for several years, they still have substantial efforts to make to achieve a level of compliance that will protect them against financial penalties.<\/p>\n
<\/p>\n
Written by Benjamin Poeymary<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
The RGPD came into force on May 25, 2018. One year later, on May 30, 2019, a final implementing decree was published in the JO to complete the provisions relating to controls, formal notices and penalties that may be issued by the CNIL in the event of non-compliance. Today, all organizations (private and public) are […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[80],"tags":[],"class_list":["post-5008","post","type-post","status-publish","format-standard","hentry","category-strategy-transformation"],"acf":[],"yoast_head":"\n
RGPD: where do you stand? | Palmer<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RGPD: where do you stand? | Palmer\" \/>\n<meta property=\"og:description\" content=\"The RGPD came into force on May 25, 2018. One year later, on May 30, 2019, a final implementing decree was published in the JO to complete the provisions relating to controls, formal notices and penalties that may be issued by the CNIL in the event of non-compliance. Today, all organizations (private and public) are […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/\" \/>\n<meta property=\"og:site_name\" content=\"Palmer\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-24T17:38:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-16T15:09:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2023\/09\/social-graph-palmer.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"dev@supramega.io\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dev@supramega.io\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/\"},\"author\":{\"name\":\"dev@supramega.io\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#\\\/schema\\\/person\\\/1718c7fc78036117add5c1d9726ba902\"},\"headline\":\"RGPD: where do you stand?\",\"datePublished\":\"2020-01-24T17:38:48+00:00\",\"dateModified\":\"2026-04-16T15:09:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/\"},\"wordCount\":518,\"publisher\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/palmer-consulting.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/Etapes-RGPD-300x191.png\",\"articleSection\":[\"Strategy & Transformation\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/\",\"url\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/\",\"name\":\"RGPD: where do you stand? | Palmer\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/palmer-consulting.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/Etapes-RGPD-300x191.png\",\"datePublished\":\"2020-01-24T17:38:48+00:00\",\"dateModified\":\"2026-04-16T15:09:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/#primaryimage\",\"url\":\"https:\\\/\\\/palmer-consulting.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/Etapes-RGPD-300x191.png\",\"contentUrl\":\"https:\\\/\\\/palmer-consulting.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/Etapes-RGPD-300x191.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/rgpd-where-do-you-stand\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/home\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"RGPD: where do you stand?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/\",\"name\":\"Palmer\",\"description\":\"Evolve at the speed of change\",\"publisher\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#organization\",\"name\":\"Palmer\",\"url\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/palmer-consulting.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Palmer_Logo_Full_PenBlue_1x1-2.jpg\",\"contentUrl\":\"https:\\\/\\\/palmer-consulting.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Palmer_Logo_Full_PenBlue_1x1-2.jpg\",\"width\":480,\"height\":480,\"caption\":\"Palmer\"},\"image\":{\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/palmer-consulting\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/palmer-consulting.com\\\/en\\\/#\\\/schema\\\/person\\\/1718c7fc78036117add5c1d9726ba902\",\"name\":\"dev@supramega.io\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a2ed6ab035296a2e41a4dbbf25a8facf56095dadb690a669bb690498cee3ca59?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a2ed6ab035296a2e41a4dbbf25a8facf56095dadb690a669bb690498cee3ca59?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a2ed6ab035296a2e41a4dbbf25a8facf56095dadb690a669bb690498cee3ca59?s=96&d=mm&r=g\",\"caption\":\"dev@supramega.io\"},\"sameAs\":[\"https:\\\/\\\/palmer-consulting.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"RGPD: where do you stand? | Palmer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/","og_locale":"en_US","og_type":"article","og_title":"RGPD: where do you stand? | Palmer","og_description":"The RGPD came into force on May 25, 2018. One year later, on May 30, 2019, a final implementing decree was published in the JO to complete the provisions relating to controls, formal notices and penalties that may be issued by the CNIL in the event of non-compliance. Today, all organizations (private and public) are […]","og_url":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/","og_site_name":"Palmer","article_published_time":"2020-01-24T17:38:48+00:00","article_modified_time":"2026-04-16T15:09:45+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2023\/09\/social-graph-palmer.png","type":"image\/png"}],"author":"dev@supramega.io","twitter_card":"summary_large_image","twitter_misc":{"Written by":"dev@supramega.io","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/#article","isPartOf":{"@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/"},"author":{"name":"dev@supramega.io","@id":"https:\/\/palmer-consulting.com\/en\/#\/schema\/person\/1718c7fc78036117add5c1d9726ba902"},"headline":"RGPD: where do you stand?","datePublished":"2020-01-24T17:38:48+00:00","dateModified":"2026-04-16T15:09:45+00:00","mainEntityOfPage":{"@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/"},"wordCount":518,"publisher":{"@id":"https:\/\/palmer-consulting.com\/en\/#organization"},"image":{"@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/#primaryimage"},"thumbnailUrl":"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2020\/01\/Etapes-RGPD-300x191.png","articleSection":["Strategy & Transformation"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/","url":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/","name":"RGPD: where do you stand? | Palmer","isPartOf":{"@id":"https:\/\/palmer-consulting.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/#primaryimage"},"image":{"@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/#primaryimage"},"thumbnailUrl":"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2020\/01\/Etapes-RGPD-300x191.png","datePublished":"2020-01-24T17:38:48+00:00","dateModified":"2026-04-16T15:09:45+00:00","breadcrumb":{"@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/#primaryimage","url":"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2020\/01\/Etapes-RGPD-300x191.png","contentUrl":"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2020\/01\/Etapes-RGPD-300x191.png"},{"@type":"BreadcrumbList","@id":"https:\/\/palmer-consulting.com\/en\/rgpd-where-do-you-stand\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/palmer-consulting.com\/en\/home\/"},{"@type":"ListItem","position":2,"name":"RGPD: where do you stand?"}]},{"@type":"WebSite","@id":"https:\/\/palmer-consulting.com\/en\/#website","url":"https:\/\/palmer-consulting.com\/en\/","name":"Palmer","description":"Evolve at the speed of change","publisher":{"@id":"https:\/\/palmer-consulting.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/palmer-consulting.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/palmer-consulting.com\/en\/#organization","name":"Palmer","url":"https:\/\/palmer-consulting.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/palmer-consulting.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2023\/08\/Palmer_Logo_Full_PenBlue_1x1-2.jpg","contentUrl":"https:\/\/palmer-consulting.com\/wp-content\/uploads\/2023\/08\/Palmer_Logo_Full_PenBlue_1x1-2.jpg","width":480,"height":480,"caption":"Palmer"},"image":{"@id":"https:\/\/palmer-consulting.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/palmer-consulting\/"]},{"@type":"Person","@id":"https:\/\/palmer-consulting.com\/en\/#\/schema\/person\/1718c7fc78036117add5c1d9726ba902","name":"dev@supramega.io","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a2ed6ab035296a2e41a4dbbf25a8facf56095dadb690a669bb690498cee3ca59?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a2ed6ab035296a2e41a4dbbf25a8facf56095dadb690a669bb690498cee3ca59?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a2ed6ab035296a2e41a4dbbf25a8facf56095dadb690a669bb690498cee3ca59?s=96&d=mm&r=g","caption":"dev@supramega.io"},"sameAs":["https:\/\/palmer-consulting.com"]}]}},"_links":{"self":[{"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/posts\/5008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/comments?post=5008"}],"version-history":[{"count":1,"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/posts\/5008\/revisions"}],"predecessor-version":[{"id":6589,"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/posts\/5008\/revisions\/6589"}],"wp:attachment":[{"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/media?parent=5008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/categories?post=5008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/palmer-consulting.com\/en\/wp-json\/wp\/v2\/tags?post=5008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}