Points’ Approach to GDPR
Data protection and security have always been at the core of our business at Points.com Inc.(Points) We are dedicated to security and privacy by adopting industry best practices to protect your data. As a part of this, we have been working to ensure our compliance with the EU General Data Protection Regulation (GDPR).
What is the GDPR?
The GDPR is a new European Union (EU) law that applies to all residents of the European Economic Area (EEA), and comes into effect on May 25th, 2018. GDPR is designed to ensure all EEA residents have greater control over how their personal data is processed, stored, used, and disposed. The GDPR applies to any company that handles the personal data of residents in the EEA.
What has Points done to prepare for the GDPR?
- Appointed a Data Protection Officer (DPO@points.com).
- Raised internal awareness, and delivered training to key internal teams.
- Formed a core GDPR team with members from key internal groups.
- Implemented processes related to individuals exercising their rights under the GDPR.
- Created a data protection impact assessment process, integrated with Points’ existing processes, such that data protection is considered at multiple phases in a development project.
- Implemented processes that support our GDPR compliance efforts generally.
- Engaged a third-party information security auditor to help identify any gaps or areas of weakness during our GDPR implementation.
- Engaged with key suppliers to ensure that data processing is aligned with GDPR requirements.
Points has developed, and will continue to develop and improve upon, our GDPR compliance program. This will help us to manage any necessary and appropriate changes that may be required as GDPR best practices develop and evolve.
Learn More About Points & GDPR
Still have questions?
We’re happy to help! Please contact DPO@points.com