Compliance

Data handling is increasingly governed by regulations around the world.
Discover the most important laws, regulations and recommendations on protecting the privacy of data processed through mobile devices and applications.

To find out more about how your company can achieve compliance, talk to one of our experts.

European regulations

ISO 27001:2022

ISO 27001 is the international reference standard for information security management systems (ISMS). It stipulates that all stored information…

GDPR

The GDPR is a European regulation on the protection of personal data that applies to any organization operating in Europe…

NIS2

The NIS2 directive is a European regulation designed to protect essential and important entities against cyber threats. It requires organizations…

DORA

DORA is a European regulation intended to ensure that the financial sector remains resilient in the face of major operational disruptions. It defines technical standards…

PSD2

PSD2 is a European directive intended to regulate payment services and encourage innovation in the financial sector. It applies to banks, …

DPA

The DPA is the United Kingdom's data protection legislation. After Brexit, it replaced the GDPR in the UK while largely retaining its principles. Controllers…

North American regulations

HIPAA

HIPAA is a US regulation that protects the confidentiality and security of individuals' medical information (PHI – Protected Health Information)…

CISA mobile cybersecurity checklist

The Cybersecurity and Infrastructure Security Agency (CISA) provides a checklist to help individuals and organizations strengthen the security of their devices…

PIPEDA

PIPEDA is Canada's federal privacy law, which governs the collection, use and disclosure of personal information…

FTC Act

The FTC Act gives the United States Federal Trade Commission (FTC) the power to enforce fair business practices…

International standards & cybersecurity frameworks

PCI DSS

The PCI Security Standards Council is a global organization that defines, develops and promotes security standards for businesses…

SOC 2

SOC 2 is a standard developed by the American Institute of Certified Public Accountants (AICPA) to assess how service providers manage security,…

European Regulations

PSD2

PSD2 is an EU directive designed to regulate payment services and encourage innovation in the financial sector. It applies to banks, payment service providers (PSPs), and any company handling financial data. For mobile applications offering payment services (banking apps, mobile wallets, and shopping apps with payment features), PSD2 mandates strong customer authentication and secure data transmission.

DPA

The DPA is the United Kingdom's data protection legislation. After Brexit, it replaced the GDPR in the UK and largely mirrors its principles. Mobile data processors and controllers operating in the UK must comply with the DPA to ensure the lawful and secure processing of personal data. Non-compliance can lead to fines: for example, the credit reporting agency Equifax was fined £500,000 by the UK Information Commissioner's Office over its 2017 data breach.

DORA

DORA is an EU regulation aimed at ensuring the financial sector can remain resilient in the face of major operational disruptions. It sets technical standards for all financial entities, including banks, insurers, and asset managers, regarding their digital infrastructure and risk management. Under DORA, financial institutions must establish strong IT risk management systems, define incident response mechanisms, and implement application testing and third-party risk monitoring. Even software components sourced from external libraries remain the company's responsibility. DORA requirements vary based on the entity's size, risk profile, and services. Critical IT third-party providers are subject to enhanced oversight by the European Supervisory Authorities.

North American Regulations

PIPEDA

PIPEDA is Canada’s federal privacy law governing the collection, use, and disclosure of personal information in commercial activities. Mobile applications and services operating in Canada must comply with the Act, which grants individuals certain rights over their personal data and requires organizations to protect it with appropriate security measures.

HIPAA

HIPAA is a U.S. regulation that protects the privacy and security of individuals' health information (PHI). It specifically safeguards the confidentiality of patients' and health plan subscribers' medical data. Medical and hospital applications access highly sensitive information, including personal data (contact details, social security numbers, insurance IDs), medical records, prescriptions, and doctors' notes. With the rise of telehealth, even online consultations are stored. Handling such data brings serious responsibilities under privacy and security laws like HIPAA.

FTC Act

The FTC Act grants the U.S. Federal Trade Commission (FTC) the authority to enforce fair business practices and protect consumer privacy. The Commission enforces even stricter regulations for sectors such as health, insurance, and finance. The FTC Act also applies to organizations that develop mobile applications: it requires businesses to provide accurate and transparent information about how they collect and protect data.

CISA mobile cybersecurity checklist

The Cybersecurity and Infrastructure Security Agency (CISA) provides a checklist to help individuals and organizations strengthen the security of their mobile devices. The checklist covers key areas such as device configuration, network connections, software updates, application security, data protection, mobile device management (MDM), phishing, and social engineering.