What security systems does your company use?
This question essentially asks what systems your company has in place to protect data. These could include firewalls, antivirus programs, backup files, and encryption, and there are many options to choose from. A good example is Amazon Web Services, which provides cloud storage to collect and secure data and could be used to store the data collected from your app or website.
Does your security system comply with the GDPR (General Data Protection Regulation)?
When you run a company that collects data, especially sensitive user data, you must make sure your security system complies with GDPR. This means that any data collected is secured and cannot be breached. A couple of well-known security breaches in recent years include Yahoo, LinkedIn, and Myspace. Due to these breaches, these companies were fined and had to rework how their data was protected.
What data falls under the GDPR:
- Basic identity information such as name, address, and ID numbers
- Web data such as location, IP address, cookie data, and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
When does a company fall under GDPR jurisdiction?
- A presence in an EU country
- No presence in the EU, but it processes personal data of European residents
- More than 250 employees
- Fewer than 250 employees, but its data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data
That effectively means almost all companies. A PwC survey showed that 92 percent of U.S. companies consider GDPR a top data protection priority.