Data Protection for SaaS Startups

@Bernardamus
4 replies
Can you recommend any consultants who specialize on reviewing data protection for SAAS StartUps? It would be a PLUS if they have experience with StartUps managing Social media data. Thanks!

Replies

Sergey Voynov
What data protection do you write about? What kind of protection are we talking about? From illegal access, from hacker attacks, DDoS, and so on? The cybersecurity issue is extensive. Or do you want to conduct a security analysis of your social media?
@Bernardamus
@sergey_voynov we are based in Europe but we have global customers, that's the point. And yeah, I was looking for advice for consultants / law firms that can manage this type of issue with a global perspective and if they have experience on SAAS working with Social Media data, even better! If you have any recommendations, you are welcome! Thanks for your feedback.
@Bernardamus
Hello @sergey_voynov ! I mean data protection in the sense of handling personal data of our users properly, we don't manage particularly sensitive data (just email address, email conversations, name, phone number, country) but our users are able to manage social media conversations with our tool, so indirectly we are somehow responsible for treating that data properly as well.... and, depending on the country, the legal framework can be somehow shady, so it would be cool to have somebody that can help check that everything is fine!
Sergey Voynov
@bernardamus There is a formal side of the issue - compliance with national legislation in the field of personal data processing. In the United States, they have their own (moreover, there are also peculiarities of individual states), in Europe, their own requirements (GDPR), in Russia separate. It is necessary to analyze each individual case. Maybe you have to comply with their requirements or be limited by the jurisdiction's laws in which your head office is located. I would advise you to contact law firms that specialize in this. The other side of the issue is the direct use of specific solutions, their customization, maintenance. If you have already seriously developed, then I would advise you to hire your own CISO. It will be cheaper and more efficient than ordering services from cybersecurity companies. And the customer of specific services should be someone who understands cybersecurity.