Do you have a GDPR compliant privacy policy?
Are you registered with the ICO?
Are you ISO27001 certified?