What DID Consulting Point do about GDPR?
We take our responsibilities under GDPR seriously. That’s why we embarked on a programme to identify which measures we need to implement to be compliant with GDPR and have implemented before 25 May 2018. We worked hard and complete the programme within time.
Here is a quick summary of what we did / are doing:
We conducted a comprehensive GDPR audit and gap assessment. Following the gap assessment, we created an internal roadmap to worked towards compliance with GDPR before 25 May 2018.
Our product and security teams have identified necessary changes/improvements to our product and are working to implement those
We conducted a comprehensive data-mapping exercise that tracks personal data flows throughout our systems and services. We are in the process of finalising the data maps
We are well underway with engaging all key third-party vendors to make sure we have the appropriate contractual protections in place that satisfy GDPR requirements
We’re refining procedures to deal with some key data subject rights, like subject access requests and the right to request deletion
We’ve produced a GDPR compliant Data Processing Addendum
We’ve updated our privacy notice to be GDPR compliant as well as more clear, concise and transparent about how we process personal data
We’ve updated our incident response procedures to bring them into line with GDPR
We’ve implemented a company-wide data protection training module for all Consulting Point personnel
We’ve implemented a data protection impact assessment procedure and integrated that into our system and product development