MetaBlog
The Top 5 GDPR Myths

The General Data Protection Regulation (GDPR) comes into force on the 25th May and will completely overhaul how businesses process and handle data, giving individuals greater control over who collects and processes their data, what it is used for, and how it is being protected.

Despite the May deadline edging ever closer, there are still a number of myths surrounding the GDPR that need to be dispelled.

Top GDPR Myths

Myth 1: Every company needs to appoint a DPO

This is false. Only certain organisations will need to appoint a Data Protection Officer (DPO) under the GDPR.

You must appoint a DPO if:

  • you are a public authority
  • your core activities require large scale, regular and systematic monitoring of individuals
  • your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences

The DPO should be an expert in GDPR and privacy practices, as they are responsible for the monitoring and reporting of GDPR compliance.

DPOs are expected to help guide Data Controllers and Data Processors by auditing internal compliance and suggesting suitable corrective recommendations where necessary. DPOs are also expected to act in an independent manner within the organisation.

Myth 2: GDPR only affects European companies

This is false. Although the GDPR is a European regulation, it has wider implications. It doesn’t matter where in the world you are located: if your company is based outside the EU but engages in business transactions with an individual based in Europe, then the GDPR will apply.

Similarly, if a business is headquartered outside the EU but has European operations, it must also comply. GDPR is about personal data and the locality of the person when their data is collected. This is what determines the applicability of the regulation.

Myth 3: GDPR won’t apply to the UK because of Brexit

This is false. The GDPR will still apply after Brexit. The GDPR is designed to regulate how organisations process and control the personal data of EU citizens, regardless of where those organisations are located. The UK will not leave the European Union until April 2019, so European law will continue to apply within the UK.

Myth 4: Fines are the biggest threat to your business

This is false. Although organisations in breach of the GDPR can face fines of up to 4% of annual global turnover or 20 million euros, non-compliant businesses face a range of other problems.

The GDPR requires that organisations disclose any personal data breaches to the relevant supervisory authority within 72 hours of detection. If the breach results in a high risk to an individual’s rights and freedoms, then the individual must also be notified with immediate effect.

The uncertainty and loss of data caused by a breach could result in customers leaving and switching to competitors. The loss of consumer confidence could in turn damage the reputation of a business and result in a loss of revenue.

Myth 5: Consent is the only way to process data

This is false. A large number of organisations are under the assumption that consent is the only legal basis for processing personal data. Consent is just one of six lawful bases, at least one of which is required for any processing of personal data.

Under the GDPR, ‘lawful processing’ is only possible when:

  • There is consent from the data subject
  • Processing is necessary for the performance of a contract with the data subject
  • Processing is necessary to comply with a legal obligation
  • Processing is necessary to protect the vital interests of a data subject or another person
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where interests are overridden by the interests, rights or freedoms of the data subject

If you are unsure if your business is on the right track to GDPR compliance, contact us to find out how we can help. MetaPrivacy has been specifically designed to provide the best practice approach to data privacy compliance.
