{"id":10451,"date":"2022-01-24T09:00:59","date_gmt":"2022-01-24T08:00:59","guid":{"rendered":"https:\/\/www.sage.com\/fr-fr\/blog\/?p=10451"},"modified":"2026-02-05T14:17:41","modified_gmt":"2026-02-05T13:17:41","slug":"certification-iso-27018-garantissez-le-respect-de-la-protection-des-informations-personnelles","status":"publish","type":"post","link":"https:\/\/www.sage.com\/fr-fr\/blog\/certification-iso-27018-garantissez-le-respect-de-la-protection-des-informations-personnelles\/","title":{"rendered":"Certification ISO 27018 : garantissez le respect de la protection des informations personnelles"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/fr-fr\/blog\/categorie\/digitalisation-et-tendances\/\" class=\"entry-header__link\">Digitalisation &amp; Tendances<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\tCertification ISO 27018 : garantissez le respect de la protection des informations personnelles\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2022-01-24T09:00:59+01:00\">24 janvier 2022<\/time><\/span><span class=\"reading-time\"> min de lecture<\/span>\n\t\t<button\n\t\t\ttype=\"button\"\n\t\t\tclass=\"social-share-button button button--icon button--secondary js-social-share-button\"\n\t\t\tdata-share-title=\"Certification ISO 27018 : garantissez le respect de la protection des informations personnelles\"\n\t\t\tdata-share-url=\"https:\/\/www.sage.com\/fr-fr\/blog\/certification-iso-27018-garantissez-le-respect-de-la-protection-des-informations-personnelles\/\"\n\t\t\tdata-share-text=\"Veuillez lire cet article int\u00e9ressant\"\n\t\t>\n\t\t\t<span class=\"social-share-button__share-label\">Partager<\/span>\n\t\t\t<span class=\"social-share-button__copy-label\" hidden>Copier le lien<\/span>\n\t\t\t<span class=\"social-share-button__copy-tooltip\" aria-hidden=\"true\" hidden>Copi\u00e9<\/span>\n\t\t<\/button>\n\n\t\t\t\t<\/div>\n\t<\/div>\n<\/header>\n\n\n\n<div class=\"wp-block-post-author has-dark-background-color alignfull\">\n\t<div class=\"container\">\n\t\t<div class=\"col\">\n\t\t\t\t\t\t\t<div class=\"co-authors\">\n\t\t\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/fr-fr\/blog\/author\/sabineducrot\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/fr-fr\/blog\/wp-content\/uploads\/sites\/4\/2021\/04\/Sabine-Ducrot-Ciss-350x350.png\" class=\"entry-author__image\" alt=\"\" \/>\t\t\t\t<span class=\"entry-author__name\">Sabine Ducrot-Ciss<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n<p>Dans le monde entier, la r\u00e9glementation tend \u00e0 prot\u00e9ger de fa\u00e7on de plus en plus stricte <strong>les donn\u00e9es relatives aux consommateurs<\/strong>. Gare aux entreprises qui, par n\u00e9gligence ou malveillance, feraient fi des directives du l\u00e9gislateur ! Elles s\u2019exposent \u00e0 de <strong>lourdes sanctions financi\u00e8res<\/strong>, si lourdes qu\u2019elles pourraient mettre en p\u00e9ril un fournisseur de <a href=\"https:\/\/www.sage.com\/fr-fr\/blog\/cloud-prive-public-hybride-que-choisir\/\">service Cloud<\/a> public, par exemple, s\u2019il se trouvait dans le collimateur des autorit\u00e9s.<br>\n<strong>La certification ISO\/IEC 27018 s\u2019adresse aux fournisseurs de Cloud public<\/strong>, agissant comme processeurs de donn\u00e9es, qu\u2019elle contraint \u00e0 des r\u00e8gles strictes de respect de la vie priv\u00e9e des consommateurs.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"#gate-eb30b504-6632-49cf-872a-1a05db1073ff \">T\u00e9l\u00e9chargez gratuitement le livre blanc \u00ab\u00a010 id\u00e9es re\u00e7ues sur le Cloud\u00a0\u00bb<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-certification-iso-27018-l-assurance-du-respect-scrupuleux-de-la-loi\">Certification ISO 27018 : l\u2019assurance du respect scrupuleux de la loi<\/h2>\n\n\n\n<p>Que l\u2019on se trouve d\u2019un c\u00f4t\u00e9 ou de l\u2019autre de l\u2019Atlantique, les exigences l\u00e9gales en mati\u00e8re de d\u00e9tention d\u2019informations personnelles ne sont pas du tout les m\u00eames. <strong>Aux \u00c9tats-Unis, la protection de la vie priv\u00e9e concerne essentiellement les PII<\/strong> (<em>Personal Identifying Informations<\/em>), ou <strong>Informations Personnelles Identifiables<\/strong> (IPI) en fran\u00e7ais, qui sont de \u00ab simples \u00bb donn\u00e9es d\u2019identification comme :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Les pr\u00e9nom\/nom des personnes<\/li>\n\n\n\n<li>Leur date de naissance<\/li>\n\n\n\n<li>Leur num\u00e9ro de t\u00e9l\u00e9phone<\/li>\n\n\n\n<li>Leur adresse postale<\/li>\n\n\n\n<li>Leur num\u00e9ro de S\u00e9curit\u00e9 Sociale<\/li>\n\n\n\n<li>Leur num\u00e9ro de passeport<\/li>\n\n\n\n<li>Leur num\u00e9ro de Permis de conduire<\/li>\n\n\n\n<li>Leur num\u00e9ro de carte bancaire&#8230;<\/li>\n<\/ul>\n\n\n\n<p><strong>En Europe, la loi est beaucoup plus stricte<\/strong> encore puisque le <a href=\"https:\/\/www.cnil.fr\/fr\/reglement-europeen-protection-donnees\" target=\"_blank\" rel=\"noopener\">RGPD <\/a>(R\u00e8glement G\u00e9n\u00e9ral sur la Protection des Donn\u00e9es) \u00e9tend la notion d\u2019IIP (ou IPI) \u00e0 <strong>toute information relative \u00e0 la vie priv\u00e9e, professionnelle ou publique<\/strong> d\u2019un r\u00e9sident de l\u2019UE. Autrement dit, sont concern\u00e9es par le RGPD :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Les adresses IP<\/li>\n\n\n\n<li>Les informations bancaires<\/li>\n\n\n\n<li>Les adresses \u00e9lectroniques<\/li>\n\n\n\n<li>Les informations des r\u00e9seaux sociaux&#8230;<\/li>\n<\/ul>\n\n\n\n<p>Toutes ces informations sont consid\u00e9r\u00e9es comme ayant un caract\u00e8re personnel. En Europe, <strong>avant d\u2019\u00eatre autoris\u00e9e \u00e0 les stocker, une organisation doit donc solliciter l\u2019autorisation de la personne concern\u00e9e<\/strong>. Elle doit aussi s\u2019assurer que ces informations sont utilis\u00e9es dans le contexte (raison, dur\u00e9e) pour lequel elles ont \u00e9t\u00e9 collect\u00e9es.<\/p>\n\n\n\n<p>Compl\u00e9mentaire de la certification ISO 27001, relative aux Syst\u00e8mes de Management de la S\u00e9curit\u00e9 des Informations, l\u2019ISO\/IEC 27018 regroupe un grand nombre de bonnes pratiques en mati\u00e8re de protection des donn\u00e9es personnelles.<br>\n<strong>En se pr\u00e9valant de la norme ISO 27018, l\u2019entreprise garantit un niveau maximum de contr\u00f4les dans le domaine de la s\u00e9curit\u00e9 des data et dans celui de la protection des donn\u00e9es personnelles stock\u00e9es dans le Cloud<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-iso-27018-quels-benefices\">ISO 27018 : quels b\u00e9n\u00e9fices ?<\/h2>\n\n\n\n<p>Cette certification permet aux fournisseurs de services de <a href=\"https:\/\/www.sage.com\/fr-fr\/blog\/glossaire\/cloud-computing-definition-du-cloud-computing\/\">Cloud computing<\/a> public de garantir \u00e0 leurs prospects, clients et partenaires un niveau maximum de contr\u00f4les dans le domaine de la s\u00e9curit\u00e9 des data et dans celui de la protection des donn\u00e9es personnelles qu\u2019ils conservent. En somme, ils les rassurent sur le sujet \u00f4 combien sensible du respect de la vie priv\u00e9e.<br>\nA l\u2019heure actuelle, tous les grands fournisseurs de Cloud public sont certifi\u00e9s ISO 27018. En France, certains standards nationaux reprennent les exigences de la certification ISO 27018. C\u2019est le cas, par exemple, de la certification des <a href=\"https:\/\/certification.afnor.org\/numerique\/certification-hds-hebergement-des-donnees-de-sante?pk_source=google-adwords&amp;pk_medium=cpc&amp;gclid=Cj0KCQjwqp-LBhDQARIsAO0a6aIThiExGO-WvlCd9XS-wd2Bbxn-UZmDxmo24F39cbQX-33WjAzxav4aAmYCEALw_wcB\" target=\"_blank\" rel=\"noopener\">H\u00e9bergeurs de Donn\u00e9es de Sant\u00e9 (HDS)<\/a>.<\/p>\n\n\n\n<p>Pour aller plus loin :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.sage.com\/fr-fr\/blog\/label-cloud-de-confiance\/\">Le Cloud de confiance, un nouveau label pour s\u00e9curiser les op\u00e9rations en ligne<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.sage.com\/fr-fr\/blog\/rgpd-1-an-apres-entree-en-vigueur\/\">RGPD : 1 an apr\u00e8s l\u2019entr\u00e9e en vigueur, o\u00f9 en sont les entreprises ?<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.sage.com\/fr-fr\/blog\/rgpd-guide-petites-moyennes-entreprises\/\">RGPD : Le guide pour les Petites et Moyennes Entreprises [guide]<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"single-cta gated-content\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">10 id\u00e9es re\u00e7ues sur le Cloud. Et comment s\u2019en d\u00e9barrasser\u2026<\/h2>\n\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-eb30b504-6632-49cf-872a-1a05db1073ff\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>T\u00e9l\u00e9charger le livre blanc<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1250\" height=\"810\" src=\"https:\/\/www.sage.com\/fr-fr\/blog\/wp-content\/uploads\/sites\/4\/2021\/12\/10-idees_recues_cloud-CTA-guide-1250x810.jpg\" class=\"single-cta__image\" alt=\"10 id\u00e9es re\u00e7ues sur le Cloud\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/fr-fr\/blog\/wp-content\/uploads\/sites\/4\/2021\/12\/10-idees_recues_cloud-CTA-guide-1250x810.jpg 1250w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Inscrivez-vous \u00e0 la e-newsletter mensuelle<\/h2>\n\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-a947ade1-e692-455f-94ce-a275d72a9a11\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Je m&#039;abonne<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1024\" height=\"779\" src=\"https:\/\/www.sage.com\/fr-fr\/blog\/wp-content\/uploads\/sites\/4\/2021\/05\/spreadsheets-1024x779-1.jpg\" class=\"single-cta__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/fr-fr\/blog\/wp-content\/uploads\/sites\/4\/2021\/05\/spreadsheets-1024x779-1.jpg 1024w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Dans le monde entier, la r\u00e9glementation tend \u00e0 prot\u00e9ger de fa\u00e7on de plus en plus stricte les donn\u00e9es relatives aux consommateurs. Gare aux entreprises qui, par n\u00e9gligence ou malveillance, feraient fi des directives du l\u00e9gislateur ! Elles s\u2019exposent \u00e0 de lourdes sanctions financi\u00e8res, si lourdes qu\u2019elles pourraient mettre en p\u00e9ril un fournisseur de service Cloud [&hellip;]<\/p>\n","protected":false},"author":902,"featured_media":10452,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"footnotes":""},"categories":[16,13],"tags":[118,239,224],"business_type":[8,9],"lilypad":[],"context":[],"industry":[23,24,25,26],"persona":[38,39,34,37],"imagine_tag":[439,728,459,806],"coauthors":[901],"class_list":["post-10451","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digitalisation-et-tendances","category-legal-et-reglementation","tag-cybersecurite-ou-securite-informatique","tag-donnees","tag-ia-digitalisation","business_type-artisans-et-petites-entreprises","business_type-petites-et-moyennes-entreprises","industry-btp","industry-industrie","industry-negoce","industry-services"],"sage_meta":{"region":"fr-fr","author_name":"Sabine Ducrot-Ciss","featured_image":"https:\/\/www.sage.com\/fr-fr\/blog\/wp-content\/uploads\/sites\/4\/2022\/01\/iso-27018-article.jpg","imagine_tags":{"439":"Cloud","728":"DAF - DSI","459":"Petites et Moyennes Entreprises","806":"RGPD"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice France","distributor_original_site_url":"https:\/\/www.sage.com\/fr-fr\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/posts\/10451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/users\/902"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/comments?post=10451"}],"version-history":[{"count":0,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/posts\/10451\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/media\/10452"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/media?parent=10451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/categories?post=10451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/tags?post=10451"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/business_type?post=10451"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/lilypad?post=10451"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/context?post=10451"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/industry?post=10451"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/persona?post=10451"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/imagine_tag?post=10451"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/fr-fr\/blog\/api\/wp\/v2\/coauthors?post=10451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}