[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZEdl7a8lAVouHMaMy8ATXgIjZojWZvV_0T5c1x88Kak":3},{"assets":4,"attachments":5,"tags":6,"dataRetentionRules":20,"creatorUser":170,"creatorUserId":25,"updatedBy":35,"updatedById":35,"publishedBy":35,"publishedById":35,"areaOwnerId":35,"owners":171,"customFields":174,"area":175,"entity":179,"mergedFrom":35,"workflowStep":180,"accountables":186,"responsibles":188,"informedOwners":189,"securityMeasures":190,"personCategories":354,"id":38,"source":57,"label":39,"state":185,"versionDescription":35,"processingType":45,"parentId":35,"areaId":44,"mergeType":35,"readonly":34,"editable":30,"workflowStepId":181,"dateDeployment":35,"dateCreation":43,"dateArchived":35,"datePublication":370,"archived":34,"dateUpdate":42,"reviewDate":35,"nextReviewDate":35,"ref":35,"processingState":35,"description":40,"descriptionHtml":371,"subjectRightProcessDescription":35,"rightOfInformation":372,"rightOfAccess":373,"rightOfRectification":373,"rightOfErasure":373,"rightOfRestriction":373,"rightOfOpposition":374,"rightOfDataPortability":373,"advanceDirectives":35,"advanceDirectivesDescription":35,"rightOfInformationDescription":35,"rightOfAccessDescription":35,"rightOfRectificationDescription":35,"rightOfErasureDescription":375,"rightOfRestrictionDescription":35,"rightOfOppositionDescription":376,"rightOfDataPortabilityDescription":35,"stakeHolders":377,"assessmentScoring":35,"automaticDecision":35,"systematicMonitoring":35,"specialCategoryData":35,"largeScaleCollection":35,"crossReferencing":35,"vulnerablePeople":35,"isDPIARequired":35,"dpiaDate":35,"dpiaExemption":34,"dpiaExemptionJustification":35,"innovativeUse":35,"exclusionBenefitRightContract":35,"recipients":378,"dataControllers":406,"purposes":407,"progression":464,"quality":465,"sensitivity":466,"visible":30,"workspaceId":41,"nbReferences":33,"referenceId":35},[],[],[7,12,16],{"id":8,"label":9,"type":10,"color":11},"5494cd34-13e6-4954-81cd-000195723eb0","Public","DataProcessing","#98B8F9",{"id":13,"label":14,"type":10,"color":15},"99e6f156-5bd7-4bc1-94c7-7f416665cf20","Privé","#46D17A",{"id":17,"label":18,"type":10,"color":19},"c3ffad0a-1877-42bb-b40b-7c50a628461c","Pharmacie","#DEC532",[21],{"customFields":22,"tags":23,"creator":24,"readonly":34,"purposes":35,"dataProcessings":36,"dataFields":46,"asset":35,"subjectCategories":163,"id":164,"ref":35,"externalId":35,"externalLastSyncDate":35,"externalSource":35,"label":165,"description":35,"dateCreation":166,"dateUpdate":35,"baseActiveOverride":34,"intermediateArchivingOverride":34,"destructionOverride":34,"baseActiveDescription":167,"baseActiveLegalBasis":35,"baseActiveRetentionDuration":35,"baseActiveMinMax":35,"intermediateArchivingLegalBasis":35,"intermediateArchivingDescription":35,"intermediateArchivingRetentionDuration":35,"intermediateArchivingMinMax":35,"destructionDescription":35,"destructionLegalBasis":35,"dataSetSource":168,"sourceDescription":169,"assetId":35,"source":57},{},[],{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},69,"Dastro Naute","Naute","Dastro","contact@dastra.eu",true,"#784000","https://static.dastra.eu/tenant-3/avatar/69/assistant-150.png",0,false,null,[37],{"id":38,"label":39,"ref":35,"description":40,"workspaceId":41,"archived":34,"dateUpdate":42,"dateCreation":43,"areaId":44,"processingType":45},"57bf9d24-cc2b-4aed-a8be-3b288f2dc16d","Gestion des officines de pharmacie","Ce modèle de traitement est issu du référentiel de la CNIL publié le 18 juillet 2022. ",68,"2023-03-22T08:23:33.6044929","2022-07-18T21:38:04.4883012",354,"Default",[47,58,65,73,81,88,94,100,105,110,119,126,132,138,145,151,157],{"id":48,"customFields":49,"ref":35,"archivingPolicy":50,"required":30,"label":51,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":53,"dataType":35,"dateCreation":54,"dateUpdate":35,"creator":55,"workflowStepId":56,"workflowStep":35,"source":57},"9b84c492-a056-4ec0-89a3-32eaa4f9a5a6",{},"6 mois minimum, extension possible en cas de risque pour les personnes","Traces fonctionnelles et techniques","Current","ConnectionData","2022-07-18T21:38:06.9679528",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},83451,"Intern",{"id":59,"customFields":60,"ref":35,"archivingPolicy":35,"required":30,"label":61,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":62,"dataType":35,"dateCreation":63,"dateUpdate":35,"creator":64,"workflowStepId":56,"workflowStep":35,"source":57},"dfa40a05-b168-4487-971d-2addf1f71430",{},"Produits vendus","ProfessionalLife","2022-07-18T21:38:06.8755451",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"id":66,"customFields":67,"ref":35,"archivingPolicy":35,"required":30,"label":68,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":30,"sensitivityClassification":69,"personalDataCategory":70,"dataType":35,"dateCreation":71,"dateUpdate":35,"creator":72,"workflowStepId":56,"workflowStep":35,"source":57},"560a2d19-e4a3-4500-b82a-75bb15793559",{},"Traitements délivrés","Sensitive","HealthData","2022-07-18T21:38:06.7897234",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"id":74,"customFields":75,"ref":35,"archivingPolicy":35,"required":30,"label":76,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":77,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":30,"sensitivityClassification":69,"personalDataCategory":70,"dataType":35,"dateCreation":78,"dateUpdate":79,"creator":80,"workflowStepId":56,"workflowStep":35,"source":57},"65b1f2a5-3d19-401a-b3f7-b1135808e35c",{},"Traitements prescrits","Medicine","2022-07-18T21:38:06.4711217","2023-09-25T09:28:15.4378548",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"id":82,"customFields":83,"ref":35,"archivingPolicy":35,"required":30,"label":84,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":77,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":30,"sensitivityClassification":69,"personalDataCategory":70,"dataType":35,"dateCreation":85,"dateUpdate":86,"creator":87,"workflowStepId":56,"workflowStep":35,"source":57},"3ba66a11-bc79-413d-a0f5-6bc254e84321",{},"Diagnostics médicaux","2022-07-18T21:38:06.3747635","2023-09-25T09:26:11.4467421",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"id":89,"customFields":90,"ref":35,"archivingPolicy":35,"required":30,"label":91,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":77,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":30,"sensitivityClassification":69,"personalDataCategory":70,"dataType":35,"dateCreation":92,"dateUpdate":93,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"9f20c30e-cd49-4e23-ad3e-8a77676c33a6",{},"Antécédents médicaux","2021-12-01T15:09:48.9298536","2023-09-25T09:25:37.9428471",{"id":95,"customFields":96,"ref":35,"archivingPolicy":35,"required":30,"label":97,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":77,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":30,"sensitivityClassification":69,"personalDataCategory":70,"dataType":35,"dateCreation":98,"dateUpdate":99,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"b87f31fe-045d-4a55-a695-8e6135d11605",{},"Poids et taille","2021-12-29T11:37:50.0499711","2023-09-25T09:28:52.6089013",{"id":101,"customFields":102,"ref":35,"archivingPolicy":35,"required":30,"label":103,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":30,"sensitivityClassification":69,"personalDataCategory":70,"dataType":35,"dateCreation":104,"dateUpdate":35,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"971b3e0e-906a-4eb4-b366-946cc5880e5e",{},"Données de santé nécessaires pour le suivi","2021-12-29T11:40:34.2323103",{"id":106,"customFields":107,"ref":35,"archivingPolicy":35,"required":30,"label":108,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":35,"dataType":35,"dateCreation":109,"dateUpdate":35,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"33503ca1-a131-48fd-80e7-08d98e201e93",{},"Habitudes de vie","2021-10-13T08:10:33.7436961",{"id":111,"customFields":112,"ref":35,"archivingPolicy":35,"required":30,"label":113,"definition":114,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":30,"sensitivityClassification":69,"personalDataCategory":115,"dataType":116,"dateCreation":117,"dateUpdate":35,"creator":118,"workflowStepId":56,"workflowStep":35,"source":57},"0ff30d38-603b-40b0-9181-d442330281ee",{},"Numéro d'immatriculation au répertoire national des personnes physiques (NIR)","Numéro d'inscription au répertoire national des personnes physiques tenu par l'INSEE","NIR","Number","2022-07-18T21:38:06.5880343",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"id":120,"customFields":121,"ref":35,"archivingPolicy":35,"required":30,"label":122,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":123,"dataType":35,"dateCreation":124,"dateUpdate":125,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"8d4c13c3-278a-4ed9-9ac6-b9ec3b2b1fde",{},"Identifiant national de santé (INS)","CivilStatus","2024-01-05T12:20:46.4966674","2024-05-20T16:17:07.0276236",{"id":127,"customFields":128,"ref":35,"archivingPolicy":35,"required":30,"label":129,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":123,"dataType":35,"dateCreation":130,"dateUpdate":35,"creator":131,"workflowStepId":56,"workflowStep":35,"source":57},"81cd8e66-912f-485e-8b88-8dafc888452a",{},"Identité et coordonnées des professionnels de santé participant à la prise en  charge du patient","2022-07-18T21:38:06.7046831",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"id":133,"customFields":134,"ref":35,"archivingPolicy":35,"required":30,"label":135,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":123,"dataType":35,"dateCreation":136,"dateUpdate":137,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"44e9f3a5-5a51-4e26-bb2e-2719ec3af7bb",{},"numéro de téléphone","2021-01-18T22:33:53.2486652","2023-09-25T09:23:51.1379936",{"id":139,"customFields":140,"ref":35,"archivingPolicy":35,"required":30,"label":141,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":142,"dataType":35,"dateCreation":143,"dateUpdate":144,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"36d1494c-ff89-45e3-862d-31d39bb87fe9",{},"Adresse électronique","PersonalLife","2021-09-22T14:53:24.9093394","2023-09-25T09:25:03.6711088",{"id":146,"customFields":147,"ref":35,"archivingPolicy":35,"required":30,"label":148,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":142,"dataType":35,"dateCreation":149,"dateUpdate":150,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"b05d36ab-7b23-42c5-a659-b806b3b26050",{},"Adresse postale","2021-09-27T22:25:11.201927","2023-09-25T09:25:21.3319653",{"id":152,"customFields":153,"ref":35,"archivingPolicy":35,"required":30,"label":154,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":123,"dataType":35,"dateCreation":155,"dateUpdate":156,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"039070e3-2f19-4fc7-b7b3-1c39b218a3d1",{},"Date de naissance","2021-01-18T22:33:53.1173564","2023-09-11T07:57:23.6513312",{"id":158,"customFields":159,"ref":35,"archivingPolicy":35,"required":30,"label":160,"definition":35,"technicalDefinition":35,"sensitiveDataFieldLegalJustification":35,"sensitiveDataFieldLegalJustificationDescription":35,"sensitiveData":34,"sensitivityClassification":52,"personalDataCategory":123,"dataType":35,"dateCreation":161,"dateUpdate":162,"creator":35,"workflowStepId":56,"workflowStep":35,"source":57},"b4c279e1-ca69-4958-3ef7-08d8d8ff078f",{},"Nom et prénom","2021-02-25T08:47:35.132248","2023-07-27T13:14:45.0770506",[],"2bdb6285-c334-44f2-825d-d2eae92098eb","Données utilisées par les officines de pharmacie","2022-07-18T21:38:05.7751409","- Copies d'ordonnance de médicaments classés comme stupéfiants ou relevant de la réglementation des stupéfiants : 3 ans (article R. 5132-35 du CSP)\n\n- Données issues des registres des préparations magistrales ou officinales, des médicaments relevant des listes I, II et des stupéfiants et les enregistrements des substances ou préparations destinées à un usage non thérapeutique de produits classés très toxiques, toxiques, cancérogènes, tératogènes ou mutagènes : 10 ans. (articles R. 5125-45, R. 5132-10 et R. 5132-59 du CSP)\n\n- Registres ou enregistrements liés aux médicaments dérivés du sang : 40 ans (article R. 5121-195 du CSP)\n\n- Doubles des feuilles de soins électroniques : au moins trois mois (article R. 161-47 du CSS)\n\nPour les données dont la durée de conservation n’est pas fixée par les textes, il revient au responsable de traitement de déterminer et justifier la durée appropriée\n","Direct","",{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},[172],{"role":173,"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},"Accountable",{},{"dpo":35,"referent":35,"owner":35,"representative":35,"dataProtectionAuthority":35,"id":44,"type":176,"parentId":35,"ref":35,"label":177,"description":35,"logoUrl":35,"address":35,"zipCode":35,"city":35,"region":35,"countryCode":178,"immatriculationNumber":35,"phoneNumber":35,"mailAddress":35,"dpoId":35,"referentId":35,"ownerId":35,"representativeId":35,"dataProtectionAuthorityId":35},"Entity","Entité","FR",{"dpo":35,"referent":35,"owner":35,"representative":35,"dataProtectionAuthority":35,"id":44,"type":176,"parentId":35,"ref":35,"label":177,"description":35,"logoUrl":35,"address":35,"zipCode":35,"city":35,"region":35,"countryCode":178,"immatriculationNumber":35,"phoneNumber":35,"mailAddress":35,"dpoId":35,"referentId":35,"ownerId":35,"representativeId":35,"dataProtectionAuthorityId":35},{"id":181,"label":182,"color":183,"order":184,"itemLimit":35,"type":10,"finalStep":30,"initialStep":34,"authorizedRole":35,"authorizedRoleId":35,"descriptionHtml":35,"mappedState":185},1011,"Ok","#42c478",3,"Active",[187],{"role":173,"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},[],[],[191,205,218,230,240,250,260,270,280,292,302,312,324,334,344],{"date":192,"state":193,"descriptionHtml":194,"readonly":34,"purposes":35,"customFields":195,"id":196,"ref":35,"label":197,"type":198,"description":199,"relatedRisk":35,"moreDetailsUrl":200,"dateCreation":201,"dateUpdate":35,"tags":202,"attachments":203,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043523Z","None","\u003Cul>\u003Cli>\u003Cp>Informer et sensibiliser le personnel de l’officine accédant aux données*\u003C/p>\u003C/li>\u003Cli>\u003Cp>Pour une officine mutualisant des ressources informatiques, rédiger une charte informatique et lui donner force contraignante\u003C/p>\u003C/li>\u003Cli>\u003Cp>Informer et sensibiliser leur personnel ayant accès à des données de santé ou bien participant au développement ou à la maintenance des outils informatiques manipulant des données de santé\u003C/p>\u003C/li>\u003C/ul>",{},"d77a94b8-cd42-409c-a02e-323ffad3924a","Sensibiliser les utilisateurs","Organizational","Faire prendre conscience à chaque utilisateur des enjeux en matière de sécurité et de vie privée.","https://www.cnil.fr/fr/securite-informatique-sensibiliser-les-utilisateurs","2019-01-01T00:00:00",[],[],90385,{"date":206,"state":193,"descriptionHtml":207,"readonly":34,"purposes":35,"customFields":208,"id":209,"ref":35,"label":210,"type":211,"description":212,"relatedRisk":169,"moreDetailsUrl":213,"dateCreation":214,"dateUpdate":215,"tags":216,"attachments":217,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043555Z","\u003Cul>\u003Cli>\u003Cp>Définir un identifiant (« login ») propre à chaque utilisateur\u003C/p>\u003C/li>\u003Cli>\u003Cp>Adopter une politique de mots de passe utilisateur conforme aux recommandations de la CNIL\u003C/p>\u003C/li>\u003Cli>\u003Cp>Pour les utilisateurs accédant aux données de santé, utiliser une authentification forte basée sur : \u003C/p>\u003Cul>\u003Cli>\u003Cp>les cartes CPx, notamment : une carte de professionnel de santé (CPS), qui doit rester strictement personnelle, sans communication du code secret aux autres membres du personnel de l’officine ; une carte de professionnel en formation (CPF pour les étudiants en pharmacie) \u003C/p>\u003C/li>\u003Cli>\u003Cp>ou tout moyen alternatif « à deux facteurs » (par exemple, un mot de passe complété par l’envoi d’un code unique à chaque connexion)\u003C/p>\u003C/li>\u003C/ul>\u003C/li>\u003C/ul>",{},"bbc25781-4a59-4641-bc61-111f19323aed","08.05. Authentification sécurisée","Technical","Mesure de sécurité préconisée par la norme ISO 27002","https://www.iso.org/fr/standard/75652.html","2022-03-06T21:54:57.3144671","2022-10-24T09:28:37.448361",[],[],{"date":219,"state":193,"descriptionHtml":220,"readonly":34,"purposes":35,"customFields":221,"id":222,"ref":35,"label":223,"type":198,"description":224,"relatedRisk":35,"moreDetailsUrl":225,"dateCreation":226,"dateUpdate":227,"tags":228,"attachments":229,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.204356Z","\u003Cul>\u003Cli>\u003Cp>Attribuer un profil d’habilitation adapté à chaque utilisateur (distinguant notamment les données administratives et les données médicales)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Supprimer les permissions d’accès obsolètes\u003C/p>\u003C/li>\u003Cli>\u003Cp>Mettre en place un système de journalisation des accès aux données de santé\u003C/p>\u003C/li>\u003Cli>\u003Cp>Informer les utilisateurs de la mise en place du système de journalisation\u003C/p>\u003C/li>\u003Cli>\u003Cp>Prévoir les procédures pour les notifications de violation de données à caractère personnel\u003C/p>\u003C/li>\u003C/ul>",{},"f54ac346-ee7b-45de-9cc0-39506032df7e","Gestion des habilitations","Limiter les accès aux seules données dont un utilisateur a besoin.","https://www.cnil.fr/fr/securite-gerer-les-habilitations","2021-10-19T15:35:32.1054015","2024-02-21T11:29:06.7225617",[],[],{"date":231,"state":193,"descriptionHtml":232,"readonly":34,"purposes":35,"customFields":233,"id":234,"ref":35,"label":235,"type":198,"description":169,"relatedRisk":35,"moreDetailsUrl":169,"dateCreation":236,"dateUpdate":35,"tags":237,"attachments":238,"creatorUser":239,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043566Z","\u003Cul>\u003Cli>\u003Cp>Prévoir une procédure de verrouillage automatique de la session informatique, avec un déclenchement au bout d’un délai d’inactivité de cinq minutes pour les postes situés dans les zones ouvertes au public\u003C/p>\u003C/li>\u003Cli>\u003Cp>Protéger les postes susceptibles d'être facilement emportés, notamment les ordinateurs portables, à l'aide d'un câble physique de sécurité\u003C/p>\u003C/li>\u003Cli>\u003Cp>Chiffrer les supports de stockage des équipements informatiques utilisés dans des lieux accessibles au public\u003C/p>\u003C/li>\u003Cli>\u003Cp>Permettre la mise à jour régulière des antivirus\u003C/p>\u003C/li>\u003Cli>\u003Cp>Recueillir l’accord de l’utilisateur avant toute intervention sur un poste individuel\u003C/p>\u003C/li>\u003Cli>\u003Cp>Limiter le stockage de données de santé sur les tablettes et les ordiphones (en raison des conséquences pour les patients/clients en cas de vol ou de perte du matériel). Si ces équipements sont utilisés, leur niveau de sécurisation des données doit être équivalent à celui des autres équipements (chiffrement, codes d’accès, etc.)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Exiger un secret pour le déverrouillage des ordiphones ou des tablettes\u003C/p>\u003C/li>\u003Cli>\u003Cp>Protéger les écrans des regards indiscrets (orientation, filtre optique)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Prévoir une « zone de confidentialité » autour des postes de dispensation, avec un marquage et une information incitant à la respecter\u003C/p>\u003C/li>\u003Cli>\u003Cp>Limiter l’utilisation de supports de stockage amovibles (clés USB, disques dur externe) et chiffrer systématiquement les données sensibles qui y sont conservées\u003C/p>\u003C/li>\u003Cli>\u003Cp>Ne pas prêter ou utiliser pour des usages personnels les ordiphones et tablettes à usage professionnel\u003C/p>\u003C/li>\u003C/ul>",{},"ffd31a0a-0da5-41b6-b9ab-93fcf7723936","Sécuriser les postes de  travail et l'informatique  mobile","2022-07-18T21:38:05.0713692",[],[],{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"date":241,"state":193,"descriptionHtml":242,"readonly":34,"purposes":35,"customFields":243,"id":244,"ref":35,"label":245,"type":211,"description":246,"relatedRisk":35,"moreDetailsUrl":247,"dateCreation":201,"dateUpdate":35,"tags":248,"attachments":249,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043572Z","\u003Cul>\u003Cli>\u003Cp>Interdire les connexions d’appareils non professionnels sur le réseau En cas de fourniture d’un accès Wifi public aux clients de l’officine, celui-ci ne doit pas permettre d’accéder au réseau interne de l’officine (cloisonnement)\u003C/p>\u003C/li>\u003C/ul>",{},"ac192187-f8f9-42aa-9111-814f4a321407","Protéger le réseau informatique interne","Autoriser uniquement les fonctions réseau nécessaires aux traitements mis en place.","https://www.cnil.fr/fr/securite-proteger-le-reseau-informatique-interne",[],[],{"date":251,"state":193,"descriptionHtml":252,"readonly":34,"purposes":35,"customFields":253,"id":254,"ref":35,"label":255,"type":211,"description":256,"relatedRisk":35,"moreDetailsUrl":257,"dateCreation":201,"dateUpdate":35,"tags":258,"attachments":259,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043597Z","\u003Cul>\u003Cli>\u003Cp>Limiter l’accès aux outils et interfaces d’administration aux seules personnes habilitées \u003C/p>\u003C/li>\u003Cli>\u003Cp>Permettre l’installation sans délai des mises à jour critiques\u003C/p>\u003C/li>\u003C/ul>",{},"ed9bf5c2-97d3-4505-9b42-adabf6e7bd1d","Sécuriser les serveurs","Renforcer les mesures de sécurité appliquées aux serveurs.","https://www.cnil.fr/fr/securite-securiser-les-serveurs",[],[],{"date":261,"state":193,"descriptionHtml":262,"readonly":34,"purposes":35,"customFields":263,"id":264,"ref":35,"label":265,"type":211,"description":266,"relatedRisk":35,"moreDetailsUrl":267,"dateCreation":201,"dateUpdate":35,"tags":268,"attachments":269,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043602Z","\u003Cul>\u003Cli>\u003Cp>Effectuer ou permettre l’exécution des sauvegardes régulières \u003C/p>\u003C/li>\u003Cli>\u003Cp>Stocker les supports de sauvegarde dans un endroit sûr\u003C/p>\u003C/li>\u003C/ul>",{},"cae348c2-e9f2-4e49-8d60-ab56e438d5a4","Sauvegarder et prévoir la continuité d'activité","Effectuer des sauvegardes régulières pour limiter l’impact d’une disparition non désirée de données.","https://www.cnil.fr/fr/securite-sauvegarder-et-prevoir-la-continuite-dactivite",[],[],{"date":271,"state":193,"descriptionHtml":272,"readonly":34,"purposes":35,"customFields":273,"id":274,"ref":35,"label":275,"type":211,"description":276,"relatedRisk":35,"moreDetailsUrl":277,"dateCreation":201,"dateUpdate":35,"tags":278,"attachments":279,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043606Z","\u003Cul>\u003Cli>\u003Cp>Mettre en œuvre des modalités d’accès spécifiques aux données archivées \u003C/p>\u003C/li>\u003Cli>\u003Cp>Détruire les archives obsolètes de manière sécurisée\u003C/p>\u003C/li>\u003C/ul>",{},"14f86823-e6e3-49b8-b785-c342acad1d7f","Archiver de manière sécurisée","Archiver les données qui ne sont plus utilisées au quotidien mais qui n’ont pas encore atteint leur durée limite de conservation, par exemple parce qu’elles sont conservées afin d’être utilisées en cas de contentieux.","https://www.cnil.fr/fr/securite-archiver-de-maniere-securisee",[],[],{"date":281,"state":193,"descriptionHtml":282,"readonly":34,"purposes":35,"customFields":283,"id":284,"ref":35,"label":285,"type":198,"description":286,"relatedRisk":287,"moreDetailsUrl":169,"dateCreation":288,"dateUpdate":35,"tags":289,"attachments":290,"creatorUser":291,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043613Z","\u003Cul>\u003Cli>\u003Cp>Enregistrer les interventions de maintenance dans une main courante \u003C/p>\u003C/li>\u003Cli>\u003Cp>Encadrer par un responsable de l’officine les interventions par des tiers \u003C/p>\u003C/li>\u003Cli>\u003Cp>Effacer les données de tout matériel avant sa mise au rebut\u003C/p>\u003C/li>\u003C/ul>",{},"5627a301-414c-449d-80ed-e2274a49c2db","Encadrer la maintenance et la destruction des données","Mettre en place des procédures pour la maintenance et la destruction sécurisées des données.","Perte de données, accès non autorisé.","2022-07-18T21:38:05.1471097",[],[],{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},{"date":293,"state":193,"descriptionHtml":294,"readonly":34,"purposes":35,"customFields":295,"id":296,"ref":35,"label":297,"type":198,"description":298,"relatedRisk":35,"moreDetailsUrl":299,"dateCreation":201,"dateUpdate":35,"tags":300,"attachments":301,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043619Z","\u003Cul>\u003Cli>\u003Cp>Prévoir des clauses spécifiques5 dans les contrats des sous-traitants \u003C/p>\u003C/li>\u003Cli>\u003Cp>Prévoir des conditions de restitution et de destruction des données \u003C/p>\u003C/li>\u003Cli>\u003Cp>S’assurer de l'effectivité des garanties prévues (audits de sécurité, visites, etc.)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Authentifier les destinataires avant tout envoi de données de santé\u003C/p>\u003C/li>\u003C/ul>",{},"47c52bcb-a6e9-487b-a958-f027b20dbd87","Gérer la sous-traitance","Encadrer la sécurité des données avec les sous-traitants.","https://www.cnil.fr/fr/securite-gerer-la-sous-traitance",[],[],{"date":303,"state":193,"descriptionHtml":304,"readonly":34,"purposes":35,"customFields":305,"id":306,"ref":35,"label":307,"type":198,"description":308,"relatedRisk":35,"moreDetailsUrl":309,"dateCreation":201,"dateUpdate":35,"tags":310,"attachments":311,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043623Z","\u003Cul>\u003Cli>\u003Cp>Utiliser une messagerie électronique sécurisée de santé pour les échanges entre professionnels de santé \u003C/p>\u003C/li>\u003Cli>\u003Cp>Pour les échanges avec d’autres professionnels intervenant dans la prise en charge du patient/client ou avec les patients/clients eux-mêmes : \u003C/p>\u003Cul>\u003Cli>\u003Cp>procéder au chiffrement des documents avant leur envoi sur une messagerie électronique standard6 et transmettre le secret par un envoi distinct et via un canal différent\u003C/p>\u003C/li>\u003Cli>\u003Cp>utiliser un protocole de transfert garantissant la confidentialité des messages et l’authentification du serveur de messagerie\u003C/p>\u003C/li>\u003Cli>\u003Cp>choisir une messagerie hébergeant les données dans un pays ou auprès d’un prestataire garantissant la protection des données conformément aux règles européennes.\u003C/p>\u003C/li>\u003C/ul>\u003C/li>\u003C/ul>",{},"49230bff-1cd3-46bd-85f5-e43809136dc9","Sécuriser les échanges avec d'autres organismes","Renforcer la sécurité de toute transmission de données à caractère personnel. ","https://www.cnil.fr/fr/securite-securiser-les-echanges-avec-dautres-organismes",[],[],{"date":313,"state":193,"descriptionHtml":314,"readonly":34,"purposes":35,"customFields":315,"id":316,"ref":35,"label":317,"type":318,"description":319,"relatedRisk":35,"moreDetailsUrl":320,"dateCreation":201,"dateUpdate":321,"tags":322,"attachments":323,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043627Z","\u003Cul>\u003Cli>\u003Cp>Restreindre les accès aux locaux au moyen de portes verrouillées \u003C/p>\u003C/li>\u003Cli>\u003Cp>Installer des alarmes anti-intrusion et les vérifier périodiquement Sécuriser le stockage des dossiers au format papier (locaux sécurisés, armoire fermant à clé) \u003C/p>\u003C/li>\u003Cli>\u003Cp>Récupérer les documents imprimés contenant des données immédiatement après leur impression ou effectuer, lorsque c'est possible, une impression sécurisée \u003C/p>\u003C/li>\u003Cli>\u003Cp>Détruire les documents papier contenant des données et qui ne sont plus utiles à l’aide d’un broyeur approprié (certifié au minimum classe 3 de la norme DIN 32757105)\u003C/p>\u003C/li>\u003C/ul>",{},"56e975ff-1611-4612-b85c-c7efcdd47c2c","Protection des locaux","Physical","Renforcer la sécurité des locaux hébergeant les serveurs informatiques et les matériels réseaux.","https://www.cnil.fr/fr/securite-proteger-les-locaux","2022-08-04T09:37:49.9189608",[],[],{"date":325,"state":193,"descriptionHtml":326,"readonly":34,"purposes":35,"customFields":327,"id":328,"ref":35,"label":329,"type":211,"description":330,"relatedRisk":35,"moreDetailsUrl":331,"dateCreation":201,"dateUpdate":35,"tags":332,"attachments":333,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043635Z","\u003Cul>\u003Cli>\u003Cp>Prévoir un système de journalisation \u003C/p>\u003C/li>\u003Cli>\u003Cp>Informer les utilisateurs de la mise en place du système de journalisation \u003C/p>\u003C/li>\u003Cli>\u003Cp>Protéger les équipements de journalisation et les informations journalisées \u003C/p>\u003C/li>\u003Cli>\u003Cp>Prévoir les procédures pour les notifications de violation de données à caractère personnel\u003C/p>\u003C/li>\u003C/ul>",{},"c8b527e2-07bc-4677-8c00-d222be26d357","Traçabilité (journalisation)","Journaliser les évènements (accès) et prévoir des procédures pour gérer les incidents afin de pouvoir réagir en cas de violation de données (atteinte à la confidentialité, l'intégrité ou la disponibilité).","https://www.cnil.fr/fr/securite-tracer-les-acces-et-gerer-les-incidents",[],[],{"date":335,"state":193,"descriptionHtml":336,"readonly":34,"purposes":35,"customFields":337,"id":338,"ref":35,"label":339,"type":211,"description":340,"relatedRisk":35,"moreDetailsUrl":341,"dateCreation":201,"dateUpdate":35,"tags":342,"attachments":343,"creatorUser":35,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043639Z","\u003Cul>\u003Cli>\u003Cp>Utiliser le protocole TLS conformément aux recommandations de l’ANSSI et vérifier sa mise en œuvre \u003C/p>\u003C/li>\u003Cli>\u003Cp>Vérifier qu’aucun mot de passe ou identifiant de ressources contenant des données personnelles n’est incorporé aux URL\u003C/p>\u003C/li>\u003C/ul>",{},"43ba60c3-6739-4e15-bc7b-bc80cad63155","Sécuriser les sites web","S’assurer que les bonnes pratiques minimales sont appliquées aux sites web notamment la recommandation pour la sécurisation des sites web de l'ANSSI. ","https://www.cnil.fr/fr/securite-securiser-les-sites-web",[],[],{"date":345,"state":193,"descriptionHtml":346,"readonly":34,"purposes":35,"customFields":347,"id":348,"ref":35,"label":349,"type":211,"description":169,"relatedRisk":35,"moreDetailsUrl":169,"dateCreation":350,"dateUpdate":35,"tags":351,"attachments":352,"creatorUser":353,"workflowStepId":204,"workflowStep":35},"2026-04-21T19:02:23.2043643Z","\u003Cul>\u003Cli>\u003Cp>Utiliser des algorithmes, des logiciels et des bibliothèques à l’état de l’art et conformes aux préconisations du référentiel général de sécurité de l’Agence nationale de sécurité des systèmes d’information (ANSSI) \u003C/p>\u003C/li>\u003Cli>\u003Cp>Conserver les secrets et les clés cryptographiques de manière sécurisée\u003C/p>\u003C/li>\u003C/ul>",{},"ba5dbba5-6611-493d-8362-31b358a2a5ac","Utiliser des fonctions  cryptographiques","2022-07-18T21:38:05.2714055",[],[],{"id":25,"displayName":26,"familyName":27,"givenName":28,"email":29,"active":30,"color":31,"avatarUrl":32,"tenantId":33},[355,363],{"subjectCategory":356,"displayName":358,"id":361,"subjectCategoryId":357,"comment":169,"dataSubjectVolumeMax":35,"readonly":34,"purposes":362},{"id":357,"label":358,"ref":35,"dateCreation":359,"dateUpdate":35,"creatorUserId":35,"creatorUser":35,"description":35,"minorConcerned":34,"workflowStepId":360,"workflowStep":35},"3138b131-c552-4f03-26b7-08dac757bbf1","Professionnels de santé","2022-11-15T22:24:43.5885768",97319,"d9313997-be58-4ac8-bc45-f9194dd2462b",[],{"subjectCategory":364,"displayName":366,"id":368,"subjectCategoryId":365,"comment":169,"dataSubjectVolumeMax":35,"readonly":34,"purposes":369},{"id":365,"label":366,"ref":35,"dateCreation":367,"dateUpdate":35,"creatorUserId":35,"creatorUser":35,"description":35,"minorConcerned":30,"workflowStepId":360,"workflowStep":35},"bcf7ff52-d7f9-4aa0-26a2-08dac757bbf1","Patients","2022-11-15T22:22:36.6908658","74d96eb4-40b3-4bbd-bf4c-dee5b7f5b5b3",[],"2023-03-22T08:23:33.6043193","\u003Cp>\u003Ca href=\"https://www.cnil.fr/sites/default/files/atoms/files/referentiel_-_officines_de_pharmacie.pdf\">Référentiel relatif aux traitements de données à caractère personnel destinés à la gestion des officines de pharmacie (cnil.fr)\u003C/a>\u003C/p>","Automatic","ManualOrOnDemand","NonApplicable","Sous réserve des conditions d’exercice de ce droit en application des dispositions de l’article 17 du RGPD","Ne s'applique que sous réserve de l'article 21 du RGPD : le droit d’opposition ne trouvera pas à s’appliquer aux registres obligatoires de dispensation ou à la transmission de leur ordonnance pour la délivrance de médicaments soumis à prescription",[],[379,387,393,399],{"purposes":380,"dataRetentionRules":35,"parentId":35,"children":381,"displayName":382,"label":382,"transfers":383,"recipientType":384,"type":385,"jobTitle":35,"id":386,"actorId":35,"actor":35,"areaId":35,"area":35,"description":35,"readonly":34},[],[],"Organismes menant des études, recherche et évaluations dans le domaine de la  santé",[],"ThirdParty","Recipient","52dbad13-3567-486d-a14c-87b672384242",{"purposes":388,"dataRetentionRules":35,"parentId":35,"children":389,"displayName":390,"label":390,"transfers":391,"recipientType":384,"type":385,"jobTitle":35,"id":392,"actorId":35,"actor":35,"areaId":35,"area":35,"description":35,"readonly":34},[],[],"Assurances maladies obligatoires",[],"7c1cd057-38ed-4a9b-bc16-c0f64ab80f99",{"purposes":394,"dataRetentionRules":35,"parentId":35,"children":395,"displayName":396,"label":396,"transfers":397,"recipientType":384,"type":385,"jobTitle":35,"id":398,"actorId":35,"actor":35,"areaId":35,"area":35,"description":35,"readonly":34},[],[],"Professionnels de santé et les professionnels concourant à la prévention et aux  soins",[],"921282dd-f83c-402e-a20e-194a4f2cbf69",{"purposes":400,"dataRetentionRules":35,"parentId":35,"children":401,"displayName":402,"label":402,"transfers":403,"recipientType":404,"type":385,"jobTitle":35,"id":405,"actorId":35,"actor":35,"areaId":35,"area":35,"description":35,"readonly":34},[],[],"Personnels de l’officine participant à la dispensation des médicaments et autres produits, articles, objets et appareils ou à la délivrance de  conseils",[],"InternalService","eb1e04b5-26c9-46d8-ae44-18cad91b4406",[],[408,416,423,429,434,439,445,452,456,460],{"id":409,"key":410,"label":411,"description":412,"legalBasis":413,"legalBasisText":414,"legalBasisDescription":415,"readonly":34},"c5653e7a-0fa9-4bca-8837-860a6643b0b3","54483312-b0e4-4b2e-a23c-fa4fb16276a1","Dispensation des médicaments et autres produits, articles, objets et appareils","Tenue de l’ordonnancier et des registres de délivrance / Gestion et la tenue des dossiers nécessaires au suivi du patient/client (à l’exclusion du Dossier \npharmaceutique (DP)) / Communication et la coordination entre professionnels identifiés participant à la prise en charge de la personne concernée / Etablissement et la télétransmission des documents destinés à la prise en charge des frais de \nsanté par l’assurance maladie (prescriptions, etc.) / Tenue de la comptabilité.\n","Contract","Contrat ou mesures précontractuelles","Ou le cas échéant obligation légale\nArrêté du 15 février 2002 pour les catégories. ",{"id":417,"key":418,"label":419,"description":169,"legalBasis":420,"legalBasisText":421,"legalBasisDescription":422,"readonly":34},"089ece16-0b49-41c1-87c8-86df5a7180a4","feaa441e-fe53-41cc-8743-e84cbba643c4","Coopération entre professionnels de santé","LegitimateInterest","Intérêts légitimes du responsable du traitement ou d'un tiers","2o de l’article L. 5125-1-1 A du CSP\n",{"id":424,"key":425,"label":426,"description":35,"legalBasis":427,"legalBasisText":428,"legalBasisDescription":35,"readonly":34},"8ec99892-d61f-4aab-a140-a6306141498a","170b76dc-2c2f-4dab-a144-38b168ace869","Contribution aux actions de veille et de protection  sanitaires organisées par les autorités","PublicInterest","Exécution d'une mission d'intérêt public ou relevant de l'exercice de l'autorité publique",{"id":430,"key":431,"label":432,"description":433,"legalBasis":420,"legalBasisText":421,"legalBasisDescription":35,"readonly":34},"b6fc7694-7cf3-4637-86f6-cc54fb179425","f9739fd4-46b1-4df6-95ed-febdbb4250ca","Participation à l’éducation thérapeutique et aux actions d’accompagnement des  patients/clients","Définies aux articles L. 1161-1 à L. 1161-5 du CSP",{"id":435,"key":436,"label":437,"description":169,"legalBasis":420,"legalBasisText":421,"legalBasisDescription":438,"readonly":34},"b784a419-3bad-4b07-9f8c-3e44a18763c5","d76e5c0d-430f-4f3c-9a94-2441d1bdcb37","Exercice du rôle de pharmacien correspondant","7° de l’article L. 5125-1-1 A du CSP",{"id":440,"key":441,"label":442,"description":443,"legalBasis":420,"legalBasisText":421,"legalBasisDescription":444,"readonly":34},"3ddfb184-0829-4291-bff6-785de34d13d7","c2ab3245-383c-4664-8b73-da91982fe461","Proposition de conseils et prestations ","Destinés à favoriser l’amélioration ou le maintien de l’état de santé des personnes","article L. 5125-1-1 A du CSP",{"id":446,"key":447,"label":448,"description":169,"legalBasis":449,"legalBasisText":450,"legalBasisDescription":451,"readonly":34},"66bf6ac6-7b21-4a05-9820-0b85e1318338","9cadac61-65de-4afb-aa28-d9f3ef6570a2","Gestion de la vaccination que les pharmaciens sont autorisés à administrer","LegalCommitment","Obligation légale","9° de l’article L. 5125-1-1 A du CSP",{"id":453,"key":454,"label":455,"description":35,"legalBasis":420,"legalBasisText":421,"legalBasisDescription":35,"readonly":34},"32c372ff-2ba5-4d74-8efc-5b66a156c234","ba18e1b1-ff97-4f60-a478-3f9521c85642","Gestion des rendez-vous",{"id":457,"key":458,"label":459,"description":35,"legalBasis":449,"legalBasisText":450,"legalBasisDescription":35,"readonly":34},"2b72be18-3552-4913-9ba5-59248bde7b96","714c5520-e369-4e8b-942d-b32eda84816d","Tenue de l’ordonnancier et des registres de  délivrance",{"id":461,"key":462,"label":463,"description":169,"legalBasis":449,"legalBasisText":450,"legalBasisDescription":35,"readonly":34},"5dd1d38c-51fc-41de-b0b1-d27c6c1efde1","f78ba2cd-04fc-40b9-a999-444d40983f0e","Etablissement et la télétransmission des documents à destination de l’assurance maladie obligatoire",100,67,45]