If the application requires your customers to enter their information on their own personal devices, then you definitely qualify for SAQ A. The GDPR protects personal data regardless of the technology used for processing that data. It is technology neutral and applies to both automated and manual processing, https://www.nathanlabsadvisory.com/blog/nathan/achieve-fisma-compliance-in-the-usa-avoid-risks-and-stay-secure/