@perry These are the questions I could come up with. Feel free to skip any and be as brief or detailed as you like.
How do you defend your customer against third party risks?
What sort of training are developers given regarding data privacy?
Is there any legal documentation or registration with a legal body needed to be able to store user data?
What security mechanisms and techniques are generally used for data privacy?
What are the legal penalties faced by an organization if it fails to provide data privacy?
Is there a relationship between organizations and regulatory bodies/policy makers to craft sensible regulations and standards? How much of a say do organizations have in the drafting of these laws and who represents their interests?
How much time and effort is spent to make sure that the products of the organization are compliant with data privacy laws? For example, how did the European Court of Justice’s recent decision to invalidate the EU-US Privacy Shield framework have an effect on the development of your products?
Do all departments have access to your various data assets? How is the decision to grant certain departments certain access made?
Is the financial impact of high-risk data leaks calculated?
How do you monitor and detect security incidents? Do you develop your own solution or do you rely on third party solutions?
Once again thank you for entertaining my request.