Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How GDPR will affect the Right to be Forgotten

gdpr right to be forgotten

about the author

Share this post

The GDPR will come into effect in just a few days’ time and give EU citizens much more control over how their data is stored and processed.

The GDPR will dramatically change the rights of the data subject, and under article 17 of the GDPR, individuals have the right to have their personal data erased, otherwise known as ‘the right to be forgotten’.

This clause allows individuals to request that any records held on them by a business are permanently deleted if there is no legitimate reason for the business to continue processing this information.

Organisations must act upon the request within a month of it being lodged.

The right to be forgotten applies when:

  • The personal data is no longer necessary for the purpose it was originally collected for
  • The individual specifically withdraws consent to processing and there is no other legal basis for processing this information
  • The individual uses their right to object to the data processing
  • Personal data has been unlawfully processed
  • The data must be erased to comply with legal obligations
  •  The individual was a child at the time of data collection

There are, however, a number of exceptions where data may not have to be erased if any of the following apply:

  • The right of freedom and expression
  • The need to comply with a legal obligation
  • Reasons of public interest or in the exercise of a public authority
  • Historical, Scientific research or public interest archiving purposes
  • If the data supports legal claims
  •  If the processing is necessary for public health purposes

When an EU citizen requests the right to be forgotten, a data controller must delete all the personal data that it holds on that individual. However, this is by no means a straightforward process. An individual’s information might be spread across several different departments within an organisation and the back-up of this data could be located on another system altogether.

The deletion of data can be a difficult and time-consuming process if organisations do not have the proper systems in place to effectively locate and manage this information.

To deal with these requests effectively, businesses will need to complete a thorough audit of their systems to make sure that data can easily be located and deleted.

Organisations will need to determine what data they have, where it is stored, and how it is processed in order to comply with the GDPR’s requirements. It will be equally important to dispose of any outdated and unnecessary data whilst safeguarding critical information that is still needed.

The right to be forgotten is complex and has a lot of exceptions and limitations. However, if businesses have the right processes in place they will be able to comply with the legislation and ensure they can effectively exercise an individual’s right to be forgotten.

If you would like more information on how your organisation can improve its approach to GDPR compliance, click here, to find out how MetaCompliance can help.

DISCLAIMER: The content and opinions within this blog are for information purposes only. They are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances, the Data Protection Act, or any other current or future legislation. MetaCompliance shall accept no responsibility for any errors, omissions or misleading statements, or for any loss which may arise from reliance on materials contained within this blog.

Other Articles on Cyber Security Awareness Training You Might Find Interesting