
Chapter 5

Protecting Your Sensitive Data: Conclusions and Best Practices

There is a reason why 91% of enterprises find it difficult to manage data compliance.

Responding to compliance problems requires not only a high level of cyber-safety and privacy expertise, but also mastery of the tools that should be implemented in response to these issues.

Despite the focus on security by design, only 1 company in 10 has succeeded in implementing this principle in its safety strategy.

These compliance issues will grow in complexity in the future, partly as new regulations are added, but also as the amount of data generated increases. A pragmatic “security & privacy by design” approach is therefore needed, together with a technological one that simplifies and automates responses to these compliance problems as far as possible.

Devoteam is able to respond pragmatically to complex compliance issues by combining its expertise in cyber-security with that of Microsoft security add-ons, notably in relation to compliance.

What can be done operationally and where do we begin?

1. Design classification and data protection policies that correspond to operational reality.

2. Adopt a pragmatic approach driven by the risks:

  • Define use cases: “Working in close collaboration with core businesses to have concrete cases”
  • Determine the risks to these use cases: “Defining the most frequent cases and those having the most impact because compliance was not observed”
  • Prioritise them according to their frequency: “An analysis of risks to determine the criticality of use cases and fine-tune the prioritisation of scenarios to consider”

3. Proceed by iteration based on our methodology as developed above:


Classification / Governance



The authors and contributors

Vincent Tostain – Devoteam Technical Lead Cybersecurity

Karim Bouami – Devoteam Digital Identity & Trust Services Director – karim.bouami@eleam

Ludovic Hecky – Devoteam Cybersecurity Senior Consultant

Amélie Barboteau – Devoteam Cybersecurity Senior Consultant

Charles Tostain – Global Black Belt Advanced Compliance

With the contribution of Devoteam’s and Microsoft’s Marketing teams. Contact: Marketing team