Cyber Security Training & Software for Companies | MetaCompliance
Article 30 and its Importance to Your GDPR Project

With the new General Data Protection Regulation (GDPR), companies that process data will need to ensure they have detailed records of what they’re doing with data.

Article 30 says: “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.”

The GDPR ends any distinction between internal and external records. There is now only one kind of record, the internal record, which must be made available to the supervisory authority on request.

In extreme cases, failure to meet the requirements of the GDPR could see your organisation face a fine of up to €20 million or 4% of annual global turnover, whichever is higher.

Controller or Processor

If your organisation is the one that decides the purpose for which data is collected, or how it is collected, then you are a controller of that data.

However, if you are doing the processing on behalf of another organisation then you are a data processor. It is likely that your organisation is both a controller and processor.

The GDPR sets a stringent set of requirements for both data controllers and data processors. It states that you must record:
1) Your organisational details and the contact details of your Data Protection Officer (DPO). Additionally, if your company is not established within the EU, you must provide details of your designated representative in the EU.
2) A description of the security measures you have in place to protect data. This covers technical measures, such as encryption, as well as organisational measures, e.g. internal restrictions on who has access to which parts of the network.
3) For data transfers outside the EEA, where the data is being transferred to and the safeguards in place to protect it.

Article 30 – What does it mean for the Controller?

If your role is to act as the controller then the onus is on you to determine the purpose of the data processing.

You will also need to record the categories of people whose data you are working with and the categories of data you are working with, which will inevitably differ depending on the nature of your business.

If you’re a controller then you will also need to record the types of recipients to whom you will be disclosing data. It is also the controller’s responsibility to document the length of time you plan to keep each category of data before it is erased.

Article 30 – What does it mean for the Processor?

If you are the processor then you also have documentation obligations. You will need to record:
• The name and contact details of the controller on whose behalf you are processing data
• The details of the controller’s DPO (if they have one) and of their representative if the controller is not EU based.

This may not sound too taxing, but bear in mind that a typical processor, e.g. a marketing agency, will be processing data on behalf of numerous clients. These details must be recorded separately for each controller on whose behalf the processor is processing data.

Additionally, processors need to document the different categories of processing being carried out on behalf of each controller. The GDPR defines processing as: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

With so many variables you can see how this can become a complex problem quite quickly.
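To make the controller and processor record-keeping duties above concrete, here is an added example (not MetaCompliance code, and not a legal checklist) of a validator for entries in a register of processing activities. The field names, the EEA country list and the two sample entries are constructed assumptions for illustration.

```python
# Countries treated as inside the EEA for the transfer check (constructed list, not exhaustive).
EEA = {"IE", "DE", "FR", "NL", "ES", "IT", "NO", "IS", "LI"}

def missing(entry: dict, keys: list) -> list:
    """Names of required keys that are absent or empty in the entry."""
    return [k for k in keys if not entry.get(k)]

def validate_entry(entry: dict) -> list:
    """Return the gaps in one register entry; an empty list means every check here passed."""
    # Required of controllers and processors alike: who you are, your DPO, your security measures.
    gaps = missing(entry, ["organisation", "dpo_contact", "security_measures"])
    if entry.get("established_in_eu") is False and not entry.get("eu_representative"):
        gaps.append("eu_representative")  # non-EU establishments must name an EU representative
    role = entry.get("role")
    if role == "controller":
        gaps += missing(entry, ["purpose", "data_subject_categories", "data_categories",
                                "recipient_categories", "retention_period"])
    elif role == "processor":
        # One sub-record per controller served: contact, representative if non-EU, categories.
        for i, c in enumerate(entry.get("controllers") or [{}]):
            gaps += [f"controllers[{i}].{k}" for k in missing(c, ["name", "contact", "processing_categories"])]
            if c.get("established_in_eu") is False and not c.get("eu_representative"):
                gaps.append(f"controllers[{i}].eu_representative")
    else:
        gaps.append("role")
    # Transfers outside the EEA must name the destination and the safeguards protecting the data.
    for i, t in enumerate(entry.get("transfers", [])):
        if not t.get("country"):
            gaps.append(f"transfers[{i}].country")
        elif t["country"] not in EEA and not t.get("safeguards"):
            gaps.append(f"transfers[{i}].safeguards")
    return gaps

# Constructed samples: a controller lacking a retention period and a safeguard for a US transfer,
# and a non-EU processor whose own and whose client's EU representative are both unrecorded.
CONTROLLER_ENTRY = {
    "role": "controller", "organisation": "Example Ltd", "dpo_contact": "dpo@example.test",
    "security_measures": ["encryption at rest", "role-based access control"], "established_in_eu": True,
    "purpose": "payroll", "data_subject_categories": ["employees"], "data_categories": ["bank details"],
    "recipient_categories": ["payroll provider"], "transfers": [{"country": "US", "safeguards": ""}],
}
PROCESSOR_ENTRY = {
    "role": "processor", "organisation": "Agency Inc", "dpo_contact": "dpo@agency.test",
    "security_measures": ["encryption in transit"], "established_in_eu": False,
    "controllers": [{"name": "Client A", "contact": "privacy@client-a.test",
                     "processing_categories": ["storage", "dissemination"], "established_in_eu": False}],
}
```

Running `validate_entry` over every entry in the register gives a per-entry list of gaps to close before the supervisory authority asks for the record.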

What else do you need to know about Article 30?

Many organisations are unprepared for this level of data protection compliance. They will quickly need to adopt mature privacy guidelines that allow processing activities to be audited across multiple departments, businesses and markets.

You must have a record of all data processing, whether the data is held in written or electronic form, and it must be available to your local supervisory authority when they require it.

Preparation for Article 30

Relevant business function and third-party data processing activities need to be identified and a Personal Data Register should be created. Your privacy policies and notices should be updated and internal personnel should be brought up to speed with GDPR as it relates to their specific job title.

In a wider context, the core of GDPR lies in its emphasis on accountability. A chain of accountability should be established at a department, company and organisational level in order to maintain consistent handling of incidents, operational processes and reporting activities. You can read more about the importance of accountability in our previous blog here.

If you’d like additional help with your GDPR project you can visit us on one of our stops as part of our GDPR for Dummies roadshow, which will be coming to a city near you soon. Register for the free breakfast briefings here.

We’ve also created MetaPrivacy – a GDPR solution that is specifically designed to help your business deal with Article 30. For more information on MetaPrivacy and our other GDPR resources, visit here.