What is Consulting Point doing about GDPR?
We take our responsibilities under GDPR seriously. That’s why we embarked on a programme to identify which measures we need to implement to be compliant with GDPR, and have implemented them in time for 25 May 2018.
Here is a quick summary of what we’ve done to date:
- We conducted a comprehensive GDPR audit and gap assessment. Following the gap assessment, we created an internal roadmap to work towards compliance with GDPR before 25 May 2018
- Our product and security teams have identified necessary changes/improvements to our product and are working to implement those
- We conducted a comprehensive data-mapping exercise that tracks personal data flows throughout our systems and services. We are in the process of finalising the data maps
- We are well underway with engaging all key third-party vendors to make sure we have the appropriate contractual protections in place that satisfy GDPR requirements
- We’re refining procedures to deal with some key data subject rights, like subject access requests and the right to request deletion
- We’ve produced a GDPR-compliant Data Processing Addendum
- We’ve updated our privacy notice to be GDPR-compliant as well as clearer, more concise and more transparent about how we process personal data
- We’ve updated our incident response procedures to bring them into line with GDPR
- We’ve implemented a company-wide data protection training module for all Consulting Point personnel
- We’ve implemented a data protection impact assessment procedure and integrated that into our system and product development