Data talks application
Security Within Data Talks
In 2019 over 90% of data breaches were caused by human error.
These often come in the form of Social Engineering, Phishing and Malware attacks.
For this reason, we invest a significant amount of time into training our employees on IT security risks and how to mitigate them.
All of our endpoint devices have disk encryption, malware/virus protection, and the operating systems are regularly updated with the latest security patches.
Infrastructure Security
Data Talks is built upon one of the world's leading cloud providers, AWS.
AWS has a GDPR, SOC 2/3, ISO 9001 / ISO 27001 (and more) compliant infrastructure ensuring that we have a secure foundation for our product to be built on.
Zero Trust Network
With the increased amount of data breaches that happen each year, it's no longer enough to define your network as an "Inside" trusted network and an "Outside" untrusted network.
Data Talks relies on the Zero Trust networking principles which treat no network as a trusted network.
Authentication and Permissions
Multi-Factor Authentication employed in all of our internal services, ensuring that even if passwords are compromised, an attacker would still fail to be able to access our systems.
We rely on strong Role-Based Access Policies so that the minimum amount of access is given to services, applications and employees to reduce the attack surface area.
Data Security
Any data traversing our networks is encrypted with TLS v1.2.
All customer data is logically separated and protected using different accounts/authentication credentials ensuring that there is no cross-contamination of data between customers.
All data at-rest is encrypted using 256-bit AES encryption, ensuring that your stored data is protected with one of the strongest block ciphers available.
Protecting our clients’ data
Interested in our policy and procedures? Read the following article written by Anders Madeley, Head of Partnerships at Data Talks.
Data talks application
Strong security culture
We are committed to ensuring the security and protection of the personal information that we process on our clients behalf, providing a compliant and consistent approach to data protection.
Security development practices
Policy & Procedures
We are supporting our customers through preparation to enable the security of data, we have routines and policies that we ourselves follow strictly. In addition to that, during customer onboarding, we help out with ready-to-use templates for information audits.
The following are highlights of our preparation.
- Data Retention & Erasure our retention policy and schedule ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles.
- Breach response procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach.
- Information Audits:
- Customer-specific audits with well-defined templates for Legal Basis and Impact Assessment.
- Internal Audits with help of our Data Catalog to have control over what data we have.
Shared Security Model with AWS
Data Talks CDP is built on top of the AWS cloud. That means the responsibility for the security of Data Talks CDP is shared between Data Talks and AWS.
We are responsible for the protection of the security IN the cloud while AWS is responsible for the security OF the cloud. AWS is therefore responsible for the underlying infrastructure such as the data center itself and the servers inside while Data Talks is responsible for the data stored on those servers.
Right of Access by the Data Subject
Article 15 in GDPR requires Controllers to give Data Subjects access to information, erasure, portability, restriction in processing and purpose for processing. At Data Talks we have implemented routines and technology to speed up the process for our customers (the Controller).
Data Privacy by Design
Data Talks CDP provides key features and functionality that will support your Data Security compliance now and in the future. Highlights are:
- Well defined and high level of automation for Data Onboarding
- Smart data model with a Business Key Vault
- ML-based and proactive security risk services
- Data Protection methods including functionality for depersonalization
We care about your security
Endpoint Security
Our endpoints are protected in accordance with our security policy. That includes making sure that the underlying infrastructure is locked down as far as possible and that any operating system is patched. There are regular checks done to make sure that the endpoint security is high enough.
Vulnerability Management
Other than finding bugs and vulnerabilities from our daily development work we have a process to search for any vulnerabilities in the system. Any vulnerabilities found are then categorized and given a priority to be handled by the development team.
Quality Assurance
All new features that our development team produces go through a rigorous testing protocol from our QA team to ensure that no bugs or vulnerabilities exist.
Incident Management
There is a well-defined incident management process in place for all security events that might influence the integrity, availability, or confidentiality of our customer’s data. If an incident does occur the security team will give it an appropriate priority and escalate it to the appropriate team.
Data talks application
Our Data Protection
Officer
“We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR regulation.
We have a consistent level of data protection and security across our organization, however it is our aim to be fully compliant with the GDPR, PDPA and other national data protection laws.”
Andreas Daun
Data Protection Officer at Data Talks
In a nutshell
The protection of our clients’ data and resources is our priority and therefore, we will continue to improve our security measures and keep up to date with the newest cybersecurity advancements. Finally, we will keep up with the newest regulatory laws so that we stay compliant.
Data Talks CDP – how it works
