What is Consulting Point doing about GDPR?


We take our responsibilities under GDPR seriously. That’s why we embarked on a programme to identify which measures we need to implement to be compliant with GDPR, and have implemented them in time for 25 May 2018.

Here is a quick summary of what we’ve done to date:

  1. We conducted a comprehensive GDPR audit and gap assessment. Following the gap assessment, we created an internal roadmap to worked towards compliance with GDPR before 25 May 2018
  2. Our product and security teams have identified necessary changes/improvements to our product and are working to implement those
  3. We conducted a comprehensive data-mapping exercise that tracks personal data flows throughout our systems and services. We are in the process of finalising the data maps
  4. We are well underway with engaging all key third-party vendors to make sure we have the appropriate contractual protections in place that satisfy GDPR requirements
  5. We’re refining procedures to deal with some key data subject rights, like subject access requests and the right to request deletion
  6. We’ve produced a GDPR compliant Data Processing Addendum 
  7. We’ve updated our privacy notice to be GDPR compliant as well as more clear, concise and transparent about how we process personal data
  8. We’ve updated our incident response procedures to bring them into line with GDPR
  9. We’ve implemented a company-wide data protection training module for all Consulting Point personnel
  10. We’ve implemented a data protection impact assessment procedure and integrated that into our system and product development