The Cyber Risk Landscape in France in 2026
In 2026, the cyber risk landscape in France has emerged as a strategic concern that extends far beyond IT departments and technical cybersecurity teams. Executives and board members must now consider cyber risk as a global threat to the company, capable of affecting business continuity, regulatory compliance, and organizational reputation.
This evolution is explained by the convergence of three major trends: the persistence of ransomware attacks, the increasing sophistication of AI-powered phishing campaigns, and the rise of attacks targeting digital supply chains.
Ransomware Targeting French SMEs and Public Institutions
Ransomware remains one of the most significant cyber threats globally, and France is no exception. International cybersecurity data indicates that ransomware incidents continue to rise, with an increase of over 40% in attacks by the end of 2026 compared to 2024. Furthermore, nearly eight out of ten organizations report having faced a ransomware attempt or incident in recent years.
These attacks are no longer limited to data encryption and ransom demands. They can also severely disrupt essential services and organizational operations.
In the French context, some highly publicized security breaches involving public administrative systems — exemplified by the €5 million fine imposed by the Commission Nationale de l'Informatique et des Libertés (CNIL) on France Travail for shortcomings in its data security measures — clearly illustrate the operational and regulatory risks associated with cyber incidents.
While this sanction is related to data protection shortcomings, the underlying causes — insufficient authentication, inadequate logging, and overly broad access permissions — are also vulnerabilities frequently exploited by ransomware actors to gain initial access to systems or move laterally within networks.
French SMEs, mid-sized companies, and even some public institutions often have limited cybersecurity capabilities. They thus become prime targets for cybercriminals.
In this context, ransomware should no longer be considered a mere IT problem: it is now a strategic risk for executives, with financial, operational, and regulatory implications.
AI-driven Phishing Campaigns in French-speaking Markets
Artificial intelligence has profoundly transformed the cyber threat environment by enabling attackers to automate and industrialize sophisticated social engineering campaigns.
In 2026, AI-orchestrated phishing attacks — notably through the automated generation of personalized emails or the use of deepfake content — have become one of the main vectors of initial compromise.
According to the Global Cybersecurity Outlook 2026, fraud and phishing related to digital technologies are now among the top concerns for executives, sometimes even ahead of ransomware in some strategic risk assessments.
These AI-amplified threats are particularly effective because they allow:
- drafting highly credible messages in the target's native language;
- mimicking internal communication styles and even the voice of executives;
- directly targeting decision-makers to bypass traditional security controls.
For French organizations, this means that classic perimeter defenses — such as firewalls or signature-based filters — are no longer sufficient.
Attackers now use generative AI to create hyper-personalized spear-phishing campaigns, capable of deceiving insufficiently aware employees or executives.
Thus, phishing is no longer solely a technical cybersecurity issue: it is now a governance and leadership challenge, as these attacks exploit human and organizational trust.
Supply Chain Attacks in Regulated Sectors
Attacks targeting digital supply chains have become one of the most disruptive forms of compromise in 2026.
Unlike direct intrusions, these attacks exploit trusted relationships with third parties — such as software publishers, managed service providers (MSPs), cloud platforms, or open-source dependencies — to infiltrate a large ecosystem of organizations from a single entry point.
International threat reports indicate that these supply chain compromises now account for a disproportionate share of the most serious cybersecurity incidents.
In the French context, where regulations concerning critical infrastructure, financial services, and public services are particularly strict — notably within the framework of the European NIS2 directive, which is being transposed into French law — risks related to suppliers are no longer just a technical vulnerability: they are becoming a governance and compliance priority.
The NIS2 directive introduces new obligations regarding third-party risk management and requires documented cyber risk assessments covering the entire digital ecosystem of an organization, including suppliers and service providers.
In this interconnected context, even organizations with strong internal security measures can be indirectly compromised through partners.
This reinforces the need for executive-level oversight of vendor risk management systems, contractual security obligations, and independent assurance mechanisms.
Why Cyber Risk is Now a Legal and Strategic Issue in France
In France, cyber risk can no longer be considered an exclusively technical responsibility entrusted to IT teams. Regulators, customers, insurers, and business partners now expect visible involvement from management in managing digital resilience.
A serious incident can trigger:
- a CNIL inspection if personal data is affected;
- specific obligations in certain regulated sectors;
- significant contractual consequences for suppliers and customers.
The model introduced by the NIS2 directive is particularly explicit: cybersecurity is now the responsibility of governing bodies, and not solely a technical function.
An Expanding Regulatory Framework
GDPR Application
For executives, the cyber risk related to GDPR primarily manifests during personal data breaches.
When a breach is likely to result in a risk to the rights and freedoms of individuals, organizations must notify the CNIL within 72 hours of becoming aware of it.
They must also:
Implementation of the NIS2 Directive in France
The NIS2 directive broadens the scope of organizations concerned in several critical sectors and strengthens requirements for cyber risk management and incident reporting.
The European Commission's monitoring of the implementation of this directive indicates that organizations operating in France must already prepare to comply with these requirements, even if some national provisions are still being finalized.
ANSSI Recommendations
The National Cybersecurity Agency of France (ANSSI) regularly presents cyber risk as a major organizational risk requiring governance at the highest level.
The guides published by ANSSI offer concrete approaches for executives to implement a digital risk management policy that integrates:
These resources are particularly useful for executives, as they link cybersecurity to governance and organizational management issues, rather than to isolated technical solutions.
Executive Responsibility Under NIS2 and French Law
The NIS2 directive significantly strengthens the requirements for executives.
The governing body of an organization must now:
- approve cyber risk management measures;
- oversee their implementation;
- assume responsibility in case of failure to comply with regulatory obligations.
This evolution profoundly changes how executives must organize cybersecurity governance.
Decisions must be formalized, responsibilities clearly defined, and security measures documented in a traceable manner.
In this context, cybersecurity becomes a central element of organizational governance, just like financial management, regulatory compliance, or operational risk management.
Most Common Cyber Governance Failures in French Companies
Insufficient Management of Third-Party Risks
In many incidents, attackers do not directly target the main organization but exploit suppliers or partners. IT service providers, payroll tools, CRM platforms, marketing solutions, or even cloud integrators can become entry points to internal systems.
A common failure is to treat supplier integration solely as an administrative procurement procedure, without genuine security risk assessment. In these situations, organizations may:
- omit to include security clauses in supplier contracts;
- apply overly broad access rules to internal systems;
- lack mechanisms for monitoring provider access.
The NIS2 directive also strengthens requirements for digital supply chain security, meaning that companies must now pay increased attention to managing third-party risks.
Insufficient Testing of Incident Response Plans
Many companies have a documented incident response plan, but it is never tested under real conditions.
When an incident occurs, several difficulties often arise:
- delays in escalating the incident to management;
- ineffective management of containment actions;
- errors in collecting and preserving evidence;
- communication problems with customers and partners;
- difficulties in implementing notification procedures to the CNIL when personal data is concerned.
The CNIL's recommendations regarding data breaches clearly highlight the importance of being able to react quickly and in a structured manner.
Absence of Cyber Risk Integration into Overall Risk Management
When cyber risk is not integrated into the Enterprise Risk Management (ERM) framework, boards of directors and executive committees perceive cybersecurity solely as an IT expense, and not as a strategic risk.
The recommendations of ANSSI are explicit: cyber risk must be dealt with at the highest level of governance, with a structured policy and traceability of decisions made.
Building a Board-Level Cyber Risk Management Framework
To effectively integrate cybersecurity into organizational governance, executives must establish a clear cyber risk management framework.
Essential elements include:
- defining cyber risk tolerance (e.g., acceptable level of operational disruption or data loss);
- maintaining a cyber risk register reviewed by the board, including scenarios classified by severity level (ransomware, supplier compromise, digital fraud);
- clarifying decision-making responsibilities among key functions (CEO, CIO, CISO, legal department, DPO) and establishing a clear escalation chain;
- requiring proof of compliance and effectiveness, such as audit trails, tested incident response plans, supplier controls, and employee training.
10-Point Cyber Compliance Checklist for French Executives in 2026
Leaders can use the following list to check their organization's readiness for regulatory obligations and cyber risks.
- Verify if the organization falls within the scope of the NIS2 directive (sector of activity and type of entity) and map the associated obligations.
- Approve a formalized cyber risk management policy at the management body level.
- Maintain a cyber risk register overseen by management and integrated into overall risk management (ERM).
- Assess supplier-related risks and integrate security clauses into contracts.
- Apply the principle of least privilege and control high-privilege accounts.
- Ensure backup resilience and regularly test restoration procedures.
- Test incident response plans at least twice a year (simulation exercises and technical tests).
- Verify CNIL notification procedures in case of data breach: assessment, decision log, 72-hour deadline, and communication plan.
- Provide training for leaders and employees (phishing, crisis management, reporting procedures).
- Regularly present to the board of directors a cyber dashboard based on key indicators (risk reduction, detection time, recovery time).
From IT subject to board priority
In the French market, cyber risk is now closely linked to several strategic dimensions:
A single incident can lead to:
- obligations related to the GDPR and an investigation by the CNIL;
- sectoral expectations reinforced by ANSSI recommendations;
- expanded European obligations for essential or important entities under NIS2.
This combination of requirements means that boards of directors must treat cybersecurity as a governance issue, not just an IT budget line item.
ANSSI also recommends preparing organizations for cyber crises by organizing crisis management exercises to test decision-making, communication, and recovery capabilities under pressure.
Increasing regulatory pressure
GDPR enforcement trends
The CNIL's enforcement actions have intensified in recent years.
In its 2024 activity report, the authority reported a sharp increase in corrective measures and noted that the number of sanctions had doubled, alongside a rise in compliance orders and reprimands.
For leaders, this development is significant: cybersecurity failures are often directly linked to the security obligations set out in the GDPR, and poor management of a data breach can lead to additional sanctions.
Regulation of critical infrastructure and sensitive sectors
The NIS2 directive establishes European requirements for security and incident reporting across many sectors, including:
- energy
- transport
- health
- digital infrastructure
- public administration
It also imposes explicit responsibilities on management bodies.
In France, ANSSI and CERT-FR play a central role in the national ecosystem for managing and coordinating cyber incidents.
In the financial sector, the European DORA (Digital Operational Resilience Act) regulation, applicable since January 2025, strengthens requirements for digital operational resilience and oversight of technology providers.
European authorities now have a framework to supervise critical ICT providers used by the financial sector, reflecting how risks associated with cloud service concentration are now considered a systemic stability issue.
Personal liability of leaders
The NIS2 directive is explicit: management bodies must approve cyber risk management measures and oversee their implementation.
It also introduces governance requirements that strengthen the accountability of leaders.
In practice, this leads boards of directors to demand concrete evidence, such as:
How regulatory investigations begin
Data breach notification
According to the GDPR, organizations must notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to the affected individuals.
This 72-hour deadline directly influences leaders' decision-making regarding:
- incident containment;
- impact assessment;
- communication strategy.
Whistleblower reports
In France, reports can be made internally or to external authorities, and individuals who report breaches of European law benefit from legal protection.
This is particularly relevant in the cyber domain, as security incidents or governance failures—such as access control issues, vendor management problems, or system logging issues—are often detected by employees before management.
A credible report can escalate an incident faster than a technical alert.
Media exposure and customer complaints
Public disclosures, complaints from affected customers, or highly publicized service interruptions can trigger inquiries from regulators, insurers, and business partners.
When an incident becomes public, leaders' reactions are assessed not only on the technical resolution of the problem, but also on:
Governance failures at the root of major cyber sanctions
In most major sanctions, the problem lies not in the absence of a specific tool, but in governance failures.
Recurring patterns include:
- undefined risk management responsibility;
- insufficient documentation;
- controls existing only on paper and never tested.
The GDPR requires organizations to implement appropriate technical and organizational measures based on the level of risk. Regulatory authorities therefore assess whether the measures implemented were reasonable in the context.
Beyond the fine: the true cost of cyber non-compliance
Erosion of customer trust
Customer trust quickly diminishes when they feel uninformed or experience repeated service outages.
In the long run, this can lead to:
Impact on stock market value
For publicly traded companies, the uncertainty linked to a cyber incident and operational disruptions can affect valuation, financial forecasts, and investor confidence, even when regulatory fines are not the primary cost.
Operational disruption
Ransomware attacks or supplier failures can interrupt essential functions such as:
- billing
- service delivery
- patient care
- logistical operations
Recovery costs—including technical investigations, system rebuilding, legal fees, crisis communication, and customer support—often far exceed the amount of financial penalties.
Integrating cyber risk into strategic planning
Leaders operating in France can integrate cyber risk into their organizational strategy by adopting three key practices at the board level:
- Define risk tolerance and protection priorities related to critical processes and strategic data.
- Demand concrete evidence: tested incident response plans, supplier controls, and metrics measuring the actual effectiveness of security measures — not just the existence of written policies. The crisis simulation approach recommended by ANSSI is a solid reference.
- Link compliance to operations: preparation for data breaches according to GDPR (72-hour deadline), NIS2 governance requirements, and an operational resilience approach inspired by DORA for financial environments.
By adopting these practices, organizations can transform cybersecurity from a mere technical issue into a strategic pillar of corporate governance.
The reality of cyber attacks in France
French organizations operate in an active and constantly intensifying cyber threat environment. According to cross-analysis of several French cybersecurity reports, 5,629 data breaches were reported to the Commission Nationale de l'Informatique et des Libertés (CNIL) in 2024, an increase of approximately 20% compared to the previous year, while the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) recorded 1,361 cybersecurity incidents reported in various sectors. A significant portion of these breaches involved weaknesses at the supplier or subcontractor level, confirming that interconnected risks are now central to organizations' exposure.
The national cybersecurity agency also regularly publishes a threat landscape describing the dominant motivations and offensive capabilities used by attackers. These analyses show that organized criminal groups, like state-linked actors, continue to increase the sophistication of their attacks, ranging from ransomware to espionage targeting critical infrastructure.
In this context, leaders can no longer consider cyberattacks as rare or isolated events. A breach can quickly turn into a regulatory, legal, and economic crisis affecting several functions of the company.
The 7 most frequent cyber errors among French leaders
Considering cybersecurity as a purely technical function
Entrusting cybersecurity solely to IT teams weakens the organization's resilience. Regulators now expect cyber risk to be managed at the executive and board levels, with visibility into risk registers, test results, and exposure reduction strategies.
In France, best practices are increasingly based on integrated risk reporting systems, linking technical controls to the company's risk appetite and strategic planning.
Underestimating contractor risk
Many breaches involve third parties with insufficient security practices. Since the NIS2 directive — once fully transposed — and the GDPR require organizations to manage the extended risks of their supply chain, leaders must ensure that contractor compliance is subject to regular assessments and continuous monitoring.
Insufficiently secured cloud deployments
Cloud environments have become central to business operations. However, misconfigured cloud services can expose sensitive data and critical systems. French regulators and guidance documents emphasize the importance of encryption, access control, and continuous monitoring of cloud configurations as part of a robust cyber posture.
Failure to document compliance decisions
Authorities like the CNIL and ANSSI are looking for concrete evidence and traceable decisions, not just internal policies kept in files. Documentation must show decisions made, responsibilities assigned, test results, and risk treatment measures in an easily auditable format.
Delaying breach notification
In accordance with the GDPR and French practice, organizations must notify the CNIL within 72 hours when a personal data breach occurs. A delay or incomplete notification can aggravate regulatory exposure and weaken confidence in the organization's ability to manage the incident.
What French regulators expect to see
Regulatory authorities are increasingly evaluating whether cyber risk management programs are truly integrated into governance processes and daily operations. Leaders must therefore be able to demonstrate several essential elements.
Documented risk mapping
French guidelines for NIS2 clearly state that risk mapping must be comprehensive and auditable. It must cover threats, vulnerabilities, control measures, and residual exposure, both in internal systems and in third-party relationships.
Proof of management oversight
Regulators now expect leaders to be able to present records of risk review meetings, board decisions regarding cybersecurity priorities, and active monitoring of compliance programs.
Tested continuity plans
Good cybersecurity practices in France, supported by the recommendations of the CNIL and ANSSI, include regularly tested business continuity and incident response plans. These tests must be based on clear criteria, involve essential stakeholders, and lead to formalized results.
Staff awareness programs
Human error remains one of the main factors in compromise. Regulators expect organizations to deploy continuous staff training and awareness programs, documented and evaluated for their effectiveness. Courses such as "Cybersecurity and Information Risk Management" can be very useful in this regard.
How to prepare for a CNIL or ANSSI audit
In France, preparing for a regulatory audit cannot rely on a one-off action. It requires the establishment of a permanent cycle of evidence production.
Organizations should notably:
- implement a documented compliance cycle tracking risk assessments, corrective actions, and control tests;
- maintain versioned logs as well as a clear distribution of responsibilities for all evidence related to risk and compliance;
- conduct internal audits and simulated regulatory reviews to improve their level of preparedness;
- align data breach management processes under the GDPR with the future incident notification requirements provided by NIS2 once fully transposed.
This continuous preparation logic allows an organization to present tangible evidence to the authorities at any time, and not just simple annual reports far from operational realities.
Immediate actions French leadership teams should take this quarter
Leadership teams should, in the very short term:
- review and update the cyber risk register with clear assignment of responsibilities and duly documented measurable controls;
- audit the security practices of subcontractors and integrate third-party risk monitoring into overall risk management frameworks;
- test incident response and business continuity plans in the presence of key senior stakeholders;
- document all compliance decisions and integrate them into regular reports to the board of directors;
- launch a new staff awareness and phishing simulation program to reduce human factor risk.
These practical measures are consistent with evolving regulatory expectations in France and strengthen cyber resilience before upcoming audit and compliance deadlines.
CNIL sanction trends and sectoral priorities
By 2026–2028, French organizations will face an increasingly active control environment. The CNIL has already adopted a firm regulatory stance on data protection and cybersecurity, issuing hundreds of decisions and several significant sanctions in 2025 and 2026 following breaches that exposed personal data or revealed failures to meet basic security requirements.
From the beginning of 2026, the CNIL has imposed significant sanctions on French entities for insufficient technical and organizational measures as well as for poor management of breach notifications, clearly indicating that enforcement will remain strong.
For leaders and compliance officers, this trend sends a clear message: regulators are not only monitoring privacy protection mechanisms; they are increasingly directly linking security failures and incident management — especially when they concern personal data — to concrete consequences.
Leadership teams must therefore closely monitor control trends and particularly exposed sectors, especially in a French economic environment marked by accelerating digital transformation and data-driven services.
The intersection of GDPR, NIS2, and AI regulation
Alignment with the AI Act
Among the upcoming regulatory developments is the European Artificial Intelligence Act (AI Act), which will profoundly transform compliance obligations in France and throughout the European Union.
The full application of its provisions is being implemented progressively, with a compliance requirement for high-risk AI systems starting in August 2026, followed by other deadlines running until 2027.
Concretely, this means that organizations deploying AI systems — whether for content moderation, automated decision-making, customer profiling, or critical infrastructure management — will have to ensure that their use of AI is based on:
- robust governance policies;
- structured risk assessments;
- human oversight mechanisms;
- high standards of documentation.
Many systems used in operational decisions could fall into the "high-risk" category, which will require concrete preparation for compliance precisely when the requirements of GDPR, NIS2, and other European frameworks intersect.
Cybersecurity obligations for high-risk AI systems
The AI Act builds on existing cybersecurity and data protection laws while adding specific requirements for high-risk AI systems.
These requirements notably include:
- risk assessments;
- resilience checks;
- evidence regarding the robustness of datasets;
- continuous security monitoring, consistent with GDPR obligations.
For French leaders, complying with the AI Act means integrating cybersecurity into AI governance, linking AI-related risk controls to overall enterprise risk management, documenting compliance and test results, and preparing for potential authority controls on AI deployments.
Strengthening transparency and reporting obligations
In parallel with these AI-specific obligations, transparency and reporting requirements are being strengthened. Like entities providing critical services, especially those covered by NIS2, operators of high-risk AI systems will have to meet stricter deadlines for incident reporting, as well as enhanced information obligations on system design and risk control measures.
This evolution is part of a broader European trend aimed at accelerating notification deadlines, including for technological incidents with national or cross-border impact.
Why operational managers and CISOs are more exposed to control
Operational managers — particularly CISOs, DPOs, and risk managers — are receiving increasing attention from regulators and general management, as the risk of non-compliance now sits at the intersection of several frameworks: GDPR, NIS2, the AI Act, and specific sectoral regulations such as digital operational resilience standards.
This increasing convergence puts more pressure on operational managers, who must be able to demonstrate not only the existence of compliance documents but also the reality of effective, traceable, tested, and continuously updated controls.
Regulators increasingly view cybersecurity and data protection as corporate governance issues, not just isolated technical devices.
In France, management committees and boards of directors — particularly in the finance, health, and digital services sectors — require proactive roadmaps, compliance dashboards, cross-functional documentation, and trend analyses on risks covering all relevant regulations.
Creating a proactive cyber compliance culture in French organizations
Cyber training for executives
Boards of directors and leadership teams must engage in continuous cyber and regulatory training programs that go beyond mere general awareness.
These trainings should cover:
- understanding regulatory frameworks (GDPR, NIS2, AI Act);
- the role of leadership in an incident situation;
- risk-based decision making;
- scenario planning.
One example of such a course is the French Compliance Institute's "Cybersecurity and Information Risk Management" course.
This allows decision-makers to adopt a common language with technical teams and react more robustly when regulators demand accountability.
Cross-functional responsibility
Cyber compliance and data protection must be integrated across all business functions — legal, security, operations, procurement, and product development.
Clear assignment of responsibilities, documented workflows, and traceable evidence of control implementation constitute the accountability frameworks that French regulators now expect.
Continuous risk monitoring and reporting
Compliance is no longer a one-off process. It requires continuous monitoring of the cyber posture, frequent control reviews, automated evidence collection, and real-time reporting mechanisms.
This approach aligns with the spirit of NIS2, which emphasizes continuous resilience and transparency, as well as the future reporting obligations provided by the AI Act for high-risk systems.
Making cyber risk management a strategic advantage in the French market
The most advanced organizations can transform regulatory compliance into a competitive advantage.
When a company demonstrates not only its ability to reduce risks but also the existence of robust governance, transparent reporting, and the integration of cyber risk into its strategy, it strengthens:
In a market like France, where data protection and technological governance standards are high, a proactive compliance culture can differentiate a brand and open opportunities in highly regulated sectors.
Sources
World Economic Forum. Global Cybersecurity Outlook 2026 – Threat trends and executive concerns.
https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2026.pdf
Commission Nationale de l'Informatique et des Libertés (CNIL). Data breach sanction: €5 million fine for France Travail.
https://www.cnil.fr/en/data-breach-5million-fine-france-travail
TechPulse. Supply chain attacks dominate global cybersecurity threats in 2026.
https://techpulsemea.com/supply-chain-attacks-dominate-2026-threats/
Group-IB report. Supply chain attacks expected to dominate the global cybersecurity landscape.
https://cyberlife.ae/2026/02/27/supply-chain-attacks-to-dominate-global-cybersecurity-landscape-by-2026-warns-new-report/
Rödl & Partner. Impact and compliance obligations of the NIS2 directive in Europe.
https://www.roedl.it/en-gb/it/insights/Pages/Tech-Data-Bites/2-26/online-targeted-advertising-high-risk-practice-compliance-falls-short.aspx
European Commission. NIS2 Directive – Overview of EU cybersecurity policy.
https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
EUR-Lex. Directive (EU) 2022/2555 – Full text of the NIS2 directive.
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022L2555
European Commission. State of implementation of the NIS2 directive in France.
https://digital-strategy.ec.europa.eu/en/policies/nis2-directive-france
Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI). Information page on the NIS2 directive.
https://cyber.gouv.fr/reglementation/cybersecurite-systemes-dinformation/directives-nis-nis2-et-dispositif-saiv/directive-nis-2/
ANSSI & AMRAE. Controlling digital risk – The trust advantage guide.
https://messervices.cyber.gouv.fr/documents-guides/anssi_amrae-guide-controlling_digital_risk-trust_advantage.pdf
Commission Nationale de l'Informatique et des Libertés (CNIL). Cybersecurity guide 2024.
https://cnil.fr/sites/cnil/files/2024-05/cnil_cybersecurity_2024_en.pdf
Commission Nationale de l'Informatique et des Libertés (CNIL). Sanctions and corrective measures – CNIL actions in 2024.
https://www.cnil.fr/en/sanctions-and-corrective-measures-cnils-actions-2024
European Union. Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR).
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
European Union. Directive (EU) 2022/2555 – NIS2 Directive.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2555
Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI). Guide: Organising a cyber crisis management exercise.
https://messervices.cyber.gouv.fr/documents-guides/anssi-guide-organising_a_cyber_crisis_management_exercise-v1.0.pdf
European Insurance and Occupational Pensions Authority (EIOPA). Overview of the Digital Operational Resilience Act (DORA).
https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
Service-Public.fr (French government portal). Protection of whistleblowers in France.
https://www.service-public.gouv.fr/particuliers/vosdroits/F32031