Regarding personal data, all organisations are subject to GDPR (General Data Protection Regulation), since May 25, 2018, which requires them to implement the following principles:
- respect for privacy when designing information systems,
- default privacy settings of these systems, which are privacy-friendly,
- minimising the collection and retention of personal data.
Cyberattacks are no longer science fiction but represent a risk of theft or freezing of data whose probability is growing. It is therefore imperative to mitigate this new risk by identifying and applying measures to secure information throughout its lifecycle (collection, registration, storage, consultation, updating, exchange …).