Data talks application
In 2019 over 90% of data breaches were caused by human error.
These often come in the form of Social Engineering, Phishing and Malware attacks.
For this reason, we invest a significant amount of time into training our employees on IT security risks and how to mitigate them.
All of our endpoint devices have disk encryption, malware/virus protection, and the operating systems are regularly updated with the latest security patches.
Data Talks is built upon one of the world's leading cloud providers, AWS.
AWS has a GDPR, SOC 2/3, ISO 9001 / ISO 27001 (and more) compliant infrastructure ensuring that we have a secure foundation for our product to be built on.
With the number of data breaches increasing each year, it's no longer enough to define your network as an "Inside" trusted network and an "Outside" untrusted network.
Data Talks relies on the Zero Trust networking principles which treat no network as a trusted network.
Multi-Factor Authentication is employed in all of our internal services, ensuring that even if passwords are compromised, an attacker would still be unable to access our systems.
We rely on strong Role-Based Access Policies so that the minimum amount of access is given to services, applications and employees to reduce the attack surface area.
Any data traversing our networks is encrypted with TLS v1.2.
All customer data is logically separated and protected using different accounts/authentication credentials ensuring that there is no cross-contamination of data between customers.
All data at-rest is encrypted using 256-bit AES encryption, ensuring that your stored data is protected with one of the strongest block ciphers available.
Interested in our policy and procedures? Read the following article written by Anders Madeley, Head of Partnerships at Data Talks.
We are committed to ensuring the security and protection of the personal information that we process on our clients' behalf, providing a compliant and consistent approach to data protection.
We support our customers in preparing to secure their data, and we have routines and policies that we ourselves follow strictly. In addition, during customer onboarding, we help out with ready-to-use templates for information audits.
The following are highlights of our preparation.
Data Talks CDP is built on top of the AWS cloud. That means the responsibility for the security of Data Talks CDP is shared between Data Talks and AWS.
We are responsible for security IN the cloud, while AWS is responsible for the security OF the cloud. AWS is therefore responsible for the underlying infrastructure, such as the data center itself and the servers inside, while Data Talks is responsible for the data stored on those servers.
Article 15 in GDPR requires Controllers to give Data Subjects access to information, erasure, portability, restriction in processing and purpose for processing. At Data Talks we have implemented routines and technology to speed up the process for our customers (the Controller).
Data Talks CDP provides key features and functionality that will support your Data Security compliance now and in the future. Highlights are:
Our endpoints are protected in accordance with our security policy. That includes making sure that the underlying infrastructure is locked down as far as possible and that any operating system is patched. There are regular checks done to make sure that the endpoint security is high enough.
In addition to finding bugs and vulnerabilities during our daily development work, we have a process to search for vulnerabilities in the system. Any vulnerabilities found are then categorized and given a priority to be handled by the development team.
All new features that our development team produces go through a rigorous testing protocol from our QA team to ensure that no bugs or vulnerabilities exist.
There is a well-defined incident management process in place for all security events that might influence the integrity, availability, or confidentiality of our customers' data. If an incident does occur, the security team will give it an appropriate priority and escalate it to the appropriate team.
Our Data Protection Officer
“We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR regulation.
We have a consistent level of data protection and security across our organization, however it is our aim to be fully compliant with the GDPR, PDPA and other national data protection laws.”
Data Protection Officer at Data Talks
The protection of our clients’ data and resources is our priority and therefore, we will continue to improve our security measures and keep up to date with the newest cybersecurity advancements. Finally, we will keep up with the newest regulatory laws so that we stay compliant.