December 4, 2023

Compliance Cheat Sheet for Data Privacy Regulations

Uncover the most important industry standards & certifications for identity verification compliance.


Compliance at the core

Data privacy is becoming increasingly top of mind for global consumers. However, many organisations overlook how data security is implemented across their supply chain – putting themselves and their customers at risk.

Data Zoo helps create safer verification experiences by protecting your customers and their sensitive data. Our products are certified and adhere to the highest industry standards and regulations around the world, such as GDPR, SOC 2, CSA STAR Level 2 and ISO 27001:2013.

GDPR

General Data Protection Regulation, or GDPR, is Europe’s core digital privacy regulation. GDPR ensures the protection of personal information by mandating that businesses establish robust protocols for the collection, storage, and handling of data. In addition, the regulation gives consumers more transparency, control and protection over their data and privacy.

SOC 2 Type 2

SOC 2 Type 2 is considered one of the most in-depth and rigorous compliance frameworks. Conducted by external auditors, it provides an independent, third-party report. The report gives customers, regulators, business partners, and suppliers confidence that the solution provider they are engaging with has effective security measures for managing data based on five trust service principles – security, availability, processing integrity, confidentiality, and privacy.

CSA STAR Level 2

CSA STAR is a publicly accessible registry that documents the security and privacy controls of popular cloud computing offerings. The registry allows organisations to show current and potential customers the regulations, standards, and frameworks they adhere to. There are two levels of STAR assurance, each with a different set of requirements. Level 1 is a self-assessment where organisations can evaluate and document their security controls and assess their privacy based on Europe’s General Data Protection Regulation (GDPR) Code of Conduct. Level 2 is a third-party audit by a qualified CSA practitioner.

ISO 27001:2013

ISO 27001:2013 is an internationally recognised information security standard set by the International Organisation for Standardisation (ISO). The standard outlines specific requirements for organisations to establish, maintain and continually improve their information security management systems (ISMS). While ISO 27001:2013 is not a legal requirement, it is considered the benchmark for maintaining customer and stakeholder confidentiality. ISO 27001:2013 helps businesses of all shapes and sizes safeguard their information in a methodical and efficient way by adopting an ISMS.

Ready to upgrade your compliance?

Book a call with our experts today.