Strong security culture is our bread & butter

We are committed to ensuring the security and protection of the personal information that we process on our clients’ behalf, providing a compliant and consistent approach to data protection.

Security Within Data Talks

In 2019 over 90% of data breaches were caused by human error.

These often come in the form of Social Engineering, Phishing and Malware attacks.

For this reason we invest a significant amount of time into training our employees on IT security risks and how to mitigate them.

All of our endpoint devices have disk encryption and malware/virus protection, and their operating systems are regularly updated with the latest security patches.

Infrastructure Security

Data Talks is built upon one of the world's leading cloud providers, AWS.

AWS has a GDPR, SOC 2/3, ISO 9001 / ISO 27001 (and more) compliant infrastructure, ensuring that we have a secure foundation for our product to be built on.

Zero Trust Network

With the increasing number of data breaches that happen each year, it's no longer enough to define your network as an "Inside" trusted network and an "Outside" untrusted network.

Data Talks relies on the Zero Trust networking principles which treat no network as a trusted network.

This means that any access to internal resources needs to be regularly authenticated with MFA.

Authentication and Permissions

Multi-Factor Authentication is employed in all of our internal services, ensuring that even if passwords are compromised, an attacker would still be unable to access our systems.

We rely on strong Role-Based Access Policies so that the minimum amount of access is given to services, applications and employees to reduce the attack surface area.

Data Security

Any data traversing our networks is encrypted with TLS v1.2.

All customer data is logically separated and protected using different accounts/authentication credentials, ensuring that there is no cross-contamination of data between customers.

All data at-rest is encrypted using 256-bit AES encryption, ensuring that your stored data is protected with one of the strongest block ciphers available.

Protecting our clients’ data

Interested in our policy and procedures? Read the following article written by Anders Madeley, CTO at Data Talks.

Strong security culture

We are committed to ensuring the security and protection of the personal information that we process on our clients’ behalf, providing a compliant and consistent approach to data protection.

Security development practices

We support our customers in preparing to secure their data, and we have routines and policies that we ourselves follow strictly. In addition, during customer onboarding we help out with ready-to-use templates for information audits.

The following are highlights in our preparation.

  • Data Retention & Erasure: our retention policy and schedule ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles.
  • Breach response procedures: these ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach.
  • Information Audits:
    • Customer-specific audits with well-defined templates for Legal Basis and Impact Assessment.
    • Internal audits, with the help of our Data Catalog, to keep control of what data we have.

Data Talks Pro is built on top of the AWS cloud. That means the responsibility for the security of Data Talks Pro is shared between Data Talks and AWS.

We are responsible for security IN the cloud, while AWS is responsible for the security OF the cloud. AWS is therefore responsible for the underlying infrastructure, such as the data center itself and the servers inside, while Data Talks is responsible for the data stored on those servers.

Article 15 of the GDPR requires Controllers to give Data Subjects access to information, erasure, portability, restriction of processing and the purpose of processing. At Data Talks we have implemented routines and technology to speed up the process for our customers (the Controller).

Data Talks PRO provides key features and functionality that will support your Data Security compliance now and in the future. Highlights are:

  • A well-defined and high level of automation for Data Onboarding
  • A smart data model with a Business Key Vault
  • ML-based, proactive security risk services
  • Data Protection methods, including functionality for de-personalization

We care about your security

Endpoint Security

Our endpoints are protected in accordance with our security policy. That includes making sure that the underlying infrastructure is locked down as far as possible and that any operating system is patched. There are regular checks done to make sure that the endpoint security is high enough.

Vulnerability Management

In addition to finding bugs and vulnerabilities during our daily development work, we have a process to search for any vulnerabilities in the system. Any vulnerabilities found are then categorized and given a priority to be handled by the development team.

Quality Assurance

All new features that our development team produces go through a rigorous testing protocol from our QA team to ensure that no bugs or vulnerabilities exist.

Monitoring

We actively monitor our network as well as our different APIs and our Integration engine, checking for any suspicious or unusual behaviour. Any such activity triggers a notification to the security team, who will then investigate the issue.

Incident Management

There is a well-defined incident management process in place for all security events that might influence the integrity, availability, or confidentiality of our customers’ data. If an incident does occur, the security team will give it an appropriate priority and escalate it to the appropriate team.

Our Data Protection Officer

We are dedicated to safeguarding the personal information under our remit and to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for, the GDPR.

We have a consistent level of data protection and security across our organization; however, it is our aim to be fully compliant with the GDPR, PDPA and other national data protection laws.

Andreas Daun

Data Protection Officer at Data Talks

In a nutshell

The protection of our clients’ data and resources is our priority and therefore, we will continue to improve our security measures and keep up to date with the newest cybersecurity advancements. Finally, we will keep up with the newest regulatory laws so that we stay compliant.
