The system deals with PII (emails, contact details), which is sensitive. Compliance and security therefore become a core part of the data requirements.
- Store no PII in our system; keep it entirely in a compliant third-party system.
- If the system needs to store any such information, use a data-compliant database and cloud provider.
- Encrypt the data at rest and in transit.
- Ensure regular security scans and alerts in the system.