Data Security Whitepaper
Sample Solutions, Premier Sample Provider

Products of Sample Solutions (cover):
- Mobile RDD Sample: pulsed mobile RDD consumer sample with global coverage and more than 250 key variables
- RDD onDemand: direct access to our global RDD database
- Geocoding Services: enrich data with NUTS regions or other socio-demographic data
- Landline RDD Sample: pulsed landline RDD for more than 140 countries
Introduction

Data security is a critical component for all businesses. Business data protection helps to secure customer details, financial information, survey data and other key business data, which are key company assets.

Many companies, including Sample Solutions, rely on the fact that the data they hold and work with is secure, encrypted and cannot be breached. Losing data in a natural catastrophe is one thing, but losing it to a breach can lead to severe consequences. Not only do data breaches damage a company's reputation and destroy consumer trust, a breach may also lead to lost business opportunities and financial consequences, along with disrupting safety and the normal workflow.
Contents
- Introduction
- Background
- General Approach to Data Protection
- Products of Sample Solutions: SMS Survey Platform; Sample on Demand
- Future Steps towards 2018
- Works Referenced

Background
In the age of digitalization and e-commerce, data protection and security have become increasingly important. Not only must companies protect their own data from cyber espionage, but they must also safeguard consumer data and abide by ever-changing data protection regulations or face severe consequences. Data breaches cost companies millions each year: Target, a large US retailer, had to pay out 67 million for a massive data breach in 2013. According to the Ponemon Institute, in 2015 alone data breaches cost companies an average of $3.79 million (≈3.39 million euros). Thus it is essential for companies to have proper data safeguard mechanisms integrated into their systems, along with regulatory compliance for all countries in which they conduct business. Issues like the new Data Protection Regulation, as well as what companies need to do regarding it, will be discussed later in this whitepaper.

Data protection regulation is intended to strike a balance between the right of individuals to privacy and the ability of companies to use data for commercial purposes. The main purpose of data legislation is to ensure that personal data is not processed without the knowledge of the individual. Moreover, in 2018 the General Data Protection Regulation (GDPR) will come into force, which requires all companies conducting business within the EU to handle data in specific ways. Besides the EU countries, it also addresses the transfer of personal data outside the EU. Later in this whitepaper we will look at how these new practices apply to our core products: telephone samples, SMS surveys and lastly data services.
Key changes to EU data protection introduced by the GDPR are the following:
- More rigorous requirements for obtaining consent for collecting personal data
- Raising the age of consent for collecting an individual's data from 13 to 16 years old
- Requiring a company to delete data if it is no longer used for the purpose for which it was collected
- Requiring a company to delete data if the individual revokes consent for the company to hold the data
- Requiring companies to notify the EU government of data breaches within 72 hours of learning about the breach
- Establishing a single national office for monitoring and handling complaints brought under the GDPR
- Companies handling significant amounts of sensitive data or monitoring the behaviour of many consumers will be required to appoint a data protection officer
- Fines of up to €20m or 4% of a company's global revenue for non-compliance
General approach to data protection policies

Data security and the challenge of data protection is increasing in scope and difficulty. While organizations have long needed to safeguard intellectual property and confidential information, changes in information technology and business models introduce new actors, new threats, and new regulations. As a result, companies, including Sample Solutions, need to think beyond the traditional models of securing the perimeter and locking down specific segments of IT infrastructure in order to achieve their data protection goals.

Even before the new Data Protection Regulation comes into force, Sample Solutions has always complied with the EU's Data Protection Directive, which requires data controllers to ensure that data protection requirements are met and safeguards are in place, including measures related to security, and we continually strive to further improve and develop these measures beyond what is required. Our systems require identity assurance, visible trust and strong protection. Some of Sample Solutions' general policies include data encryption, safely storing the data, SSL certificates for security and reliable web hosting.

All of our data is delivered via our own platform, where we host the data on a dedicated server: https://www.surveyplatform.eu. There are several advantages of providing the data via the platform and not via FTP or other third-party applications. Reliable web hosting, SSL and encryption are provided for each and every sub-platform as well as all orders that we deliver to clients. We discuss the security protection provided by third-party applications and how they contribute to better data protection in the following sections.
Web Hosting

The server hosting for our platform is provided by Strato (https://www.strato.nl/). It is 100% hosted in Germany, as they provide excellent IT security which is verified repeatedly each year through independent TÜV certification (ISO 27001). STRATO also offers a three-tiered security concept which includes:
- Secure data centers, complying with Germany's strict legal requirements, where they host more than 60,000 servers and 4 million websites
- Backup control and risk management at the highest level
- Secure data transmission through encryption
SSL Certificate

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. The adoption of SSL certification is on the rise. SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session. As opposed to unsecured HTTP URLs, which begin with "http://" and use port 80 by default, secure HTTPS URLs begin with "https://" and use port 443 by default.

Most information security professionals would consider SSL a basic security measure, because HTTP is insecure and subject to eavesdropping attacks which can let attackers gain access to online accounts and sensitive information. Data that is sent or posted through the browser using HTTPS is ensured to be encrypted and secure.

Sample Solutions has enabled Extended Validation SSL Certificates (EV SSL), the highest class of SSL available. This kind of certificate activates both the padlock and the green address bar in all major browsers. EV SSL Certificates provide the strongest encryption level available and enable us to present our own verified identity to website visitors. EV SSL Certificates offer a stronger guarantee, are globally standardized and have a verification process defined within the EV
Encryption

As a concept, encryption does not prevent interception, but it denies the message content to the interceptor. In our system all of the delicate data is encoded in such a way that only authorized parties can read it. In our platform we encrypt the files with an encryption key which specifies how the messages should be encoded. All the sessions and session variables are encoded in the back end, so all the sub-platforms are secured as well.

Everyone agrees that usernames and passwords are the ultimate thing that needs to be protected. Sample Solutions' encryption offers encoding for these as well, so that in the unlikely case of a data breach, this information will not be published or accessible by third parties.
Products of Sample Solutions

Sample Solutions wants to make sure all of our security policies are applied to the products we offer to clients. Here we mention the policies for our two most used platforms: the SMS survey platform, which enables one- and two-way SMS surveys, and Sample on Demand, which offers internal work with RDD and B2B databases and includes our Client Delivery System, where all the processed orders are safely stored and delivered to clients.
1. SMS Survey Platform

The SMS Survey Platform is currently our only platform in Sample Solutions that handles personal data. So far the company has complied with all internal regulations in every country in which we have performed surveys. Based on the data protection regulations discussed in the preceding sections, the SMS Survey platform is built with a modern and widely popular web framework that provides additional safety measures.

The SMS Survey platform utilizes a sophisticated authentication and user-management system. This provides a safe and secure way of logging into the application and managing the users accordingly. The system also provides user roles, so that not all users are allowed to access the delicate parts of the application.

By using a modern web framework to develop the SMS platform, several security measures are already covered, such as:
- Cross-site request forgery: targeting some URLs may have side effects. That is why not all users have the same roles and cannot access all the parts and routes of the application.
- XSS (cross-site scripting): placing unwanted client-side code that steals information. This is solved by escaping and making sure that all user-submitted data is safe.
- SQL injection: when an application uses unfiltered user input in communication with the database. By default, the framework offers techniques that are SQL-injection proof, which the SMS platform extensively uses.
- Forced HTTPS when exchanging sensitive data: if someone tries to communicate with the system without a secure connection, the system forces them to use HTTPS instead of HTTP as an additional security measure.

By using a popular, supported and regularly maintained web framework for developing this platform and also implementing the best programming techniques, we have made sure that this platform is completely data-secure.
2. Sample On Demand

Sample on Demand is the general tool for delivering the main product of Sample Solutions (RDD, B2B and B2C samples) and can be found at https://sample.surveyplatform.eu. SSL protected and encrypted as well, this platform is highly protected in several ways, since the data we deliver are delicate and of great importance to our clients. Developed for both administrators and users, it provides encrypted authentication for both parties.

During the upload and delivery of an order the following actions are taken:
- Once the order is uploaded, the client will immediately receive two separate emails. One contains the access link to the order and the second email contains the password for the submitted order. The files are kept on our own dedicated server, so they cannot be accessed in any other way.
- After the order is processed, the system automatically sends the client an internal and an external link to access the files. The internal URL demands authentication by the user, and the external URL is equipped with additional protection by including randomly generated unique strings that do not allow any kind of prediction or guessing by an outside party.
- The platform offers a unique password per order after the client passes the general verification, and is equipped with a limited number of downloads per order to prevent outside attacks or abuse of data.
- For general protection, the link to the platform automatically expires after 21 days. However, the client can still access the original files past the expiration date upon request, as we store these.

Future steps towards 2018

Around 18 months are left until 2018 and the implementation of the new EU data protection guidelines. Therefore we have developed a roadmap towards 2018 to further strengthen our data protection policies. Although only a part of the data that Sample Solutions works with is classified as personal data, we will strive to comply with the new regulations and continually improve our system. As part of our next steps, we will establish a data protection management team to implement the ISO 27001 international standard for Information Security Management. Furthermore, we plan on appointing a data protection officer, to ensure that we use personal data only in cases where the data protection regime allows using the data in question, and that we obtain specific and explicit consent from individuals for the processing of their data (opt-in).
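The order delivery controls described in the Sample on Demand section above (an unguessable external link, a per-order password sent in a separate email, a capped number of downloads and a 21-day expiry), as an added Python example that is not the platform's own code; the download cap value, the salted PBKDF2 hashing of the stored password and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

LINK_LIFETIME = timedelta(days=21)  # the whitepaper states links expire after 21 days
MAX_DOWNLOADS = 3                   # assumed cap; the whitepaper gives no number


def _hash_password(password: str, salt: bytes) -> bytes:
    # Store only a salted PBKDF2 hash, never the password that was emailed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class OrderDelivery:
    order_id: str
    token: str          # random component of the external link
    salt: bytes
    pw_hash: bytes
    created_at: datetime
    downloads: int = 0


def create_delivery(order_id: str, now: Optional[datetime] = None):
    """Return (record, password). The token goes into the access-link email,
    the password into the second email; the record keeps only the hash."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG, not predictable
    password = secrets.token_urlsafe(12)  # unique password for this order
    salt = secrets.token_bytes(16)
    rec = OrderDelivery(order_id, token, salt, _hash_password(password, salt), now)
    return rec, password


def authorize_download(rec: OrderDelivery, token: str, password: str,
                       now: Optional[datetime] = None) -> Tuple[bool, str]:
    """Check expiry, token, password and the download cap, in that order.
    The download counter advances only on success."""
    now = now or datetime.now(timezone.utc)
    if now - rec.created_at > LINK_LIFETIME:
        return False, "expired"
    # compare_digest keeps the timing independent of how many bytes matched
    if not hmac.compare_digest(rec.token.encode(), token.encode()):
        return False, "bad-token"
    if not hmac.compare_digest(rec.pw_hash, _hash_password(password, rec.salt)):
        return False, "bad-password"
    if rec.downloads >= MAX_DOWNLOADS:
        return False, "download-limit"
    rec.downloads += 1
    return True, "ok"
```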
Works Referenced

1. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal L 201, 31/07/2002, pp. 0037-0047.
2. Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union, COM/2013/048 final - 2013/0027 (COD).
3. M Law Group, 2012, New Draft European Protection Regime. Available from: http://www.mlawgroup.de/news/publications/detail.php?we_objectID=227
4. GlobalSign, What is SSL? Available from: https://www.globalsign.com/en/ssl-information-center/what-is-ssl/
5. Ponemon Institute Research Report, 2015, 2015 Cost of Data Breach Study: Global Analysis. Available from: www.ibm.com/security/data-breach
www.sample.solutons