How Noosa.io became GDPR compliant in 14 sessions with Sprinto

Noosa is an Israel-based embedded finance solutions provider with a focus on customer experience. They cater to a wide category of high-end retail brands with innovative payments and other finance solutions that enhance user experience, improve conversion, increase transaction size, and overall customer retention.

Framework: GDPR | Location: Israel | Time to GDPR readiness: 14 sessions

Challenge

Though based in Israel, Noosa is focused on driving and expanding its European business. The sweeping requirements of GDPR compliance, however, posed a real roadblock. “We were going live in Italy. We had to be GDPR compliant,” says Idan Deshe, Co-Founder of Noosa.

Familiar with the stringent criteria, Noosa had once attempted to become GDPR compliant with support from an external consultant, but the outcome was not up to the mark. “They gave us an idea of what should be done, but it was hard for them to tell us what we needed to do to implement it. It was very, very high level,” remembers Idan.

Noosa needed a compliance solution that accommodated its business model and scoped out a clear path to GDPR compliance. They preferred working with a solution provider with the technical expertise to dive deep into the effective implementation of GDPR policies and procedures.

I was looking at a few GDPR policies and stumbled upon a Sprinto article on GDPR. After a few conversations with Sprinto’s team, I knew that we could get started again.

Solution

Noosa integrated with Sprinto to operationalize its GDPR program. Sprinto compliance experts worked with Noosa to identify and implement the relevant security controls, including policies, that ensure and prove GDPR compliance. With Sprinto, Noosa could tap into a rich GDPR solution suite that included change management modules, security training modules, policy modules, and an MDM solution, to leap toward compliance. Noosa, on its part, worked with its preferred legal partners to verify policy documentation and contractual clauses against GDPR mandates.

Connecting Sprinto to all our cloud-based service providers was very easy, and with automation they showed us where we are right now in our compliance journey and where we need to be.

Results

“Sprinto’s automation platform and compliance experts were key to our success with GDPR,” says Idan. 

Noosa reached GDPR compliance in 14 sessions and implemented an air-tight GDPR management program on Sprinto. Over these 14 sessions, Noosa worked on, among other things, all applicable GDPR policies, vulnerability management, RBAC configurations, disaster recovery, and access control to critical systems. Using Sprinto, Noosa could also provide GDPR-aligned security training to its team.

“Sprinto gave us a lot more than we expected. I am pretty sure if we were to become compliant the traditional way or the old-fashioned way, it would have been less beneficial for us,” remarks Idan.

Over the course of their compliance journey, Noosa gained insights into coding practices that complement compliance and improve day-to-day processes. Post-compliance improvements they rolled out included a peer review for every pull request, periodic vulnerability scans to trim down the inconsistencies that arise as a byproduct of rapid scaling and business expansion, and the use of MDM solutions to secure employee devices that connect to Noosa’s business environment.

“Now we do things with compliance in mind. We have implemented procedures and policies to ensure that every process from its initial stage is implemented in a way that is in line with compliance,” notes Idan.

Noosa continues to use the Sprinto platform to monitor its security and privacy controls and to address instances that would make it non-compliant with GDPR. “The results were immediate – whenever there was a misconfiguration, we could see it on the platform and fix it immediately,” adds Idan.

It is the idea of a tool that automatically monitors the compliance posture and a team that is very familiar with the compliance process that is a game changer. I don’t know if I’ll ever go back to doing things the traditional way.