Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How to Maintain GDPR Compliance During Covid-19

GDPR Compliance during Covid-19

about the author

Share this post

Covid-19 has created unprecedented challenges for organisations across the world. Within a short space of time, organisations have had to rapidly set up remote operations, react quickly to new risks, adapt processes, all whilst maintaining GDPR compliance.

As a result of the pandemic, organisations are now collecting and processing new types of information about individuals. Much of this information falls into the categories of ‘personal data’ and ‘special categories of personal data’, both of which are subject to strict compliance requirements under the GDPR.

The rapid transition to remote working has also highlighted the importance of data protection as cybercriminals seek to exploit the pandemic and use it as a means to launch targeted attacks. New Cyber Security risks are emerging all the time so it’s crucial that organisations implement the correct measures needed to maintain the strictest data security that the GDPR requires.

The UK Information Commissioner’s Office (ICO) has said that they understand the difficulties that organisations are currently facing and that they will take a ‘reasonable and pragmatic’ approach to enforcing data protection obligations. However, they’ve made it clear that organisations are still very much expected to maintain a good level of compliance with the GDPR whilst adapting to this new working environment.

GDPR Compliance personal information

To ensure that your organisation remains compliant with the GDPR during Covid-19, we’ve outlined a number of steps you can take.

Top Tips to Achieve GDPR Compliance During Covid-19

1. Conduct a Data Protection Impact Assessment (DPIA)

To comply with the GDPR, you must be able to demonstrate that you are conducting additional recording requirements when processing sensitive data. As health information is classified as a ‘special category of personal data’, it carries a higher risk. One way of demonstrating accountability and ensuring the appropriate measures are in place to protect this data is through a Data Protection Impact Assessment. DPIAs help identify and minimise risks related to personal data processing.

The DPIA should set out:

  • The activity being processed
  • The data protection risks
  • Whether the activity is necessary and proportionate
  • How risk will be mitigated
  • Confirmation that mitigation has been effective

The DPIA will be crucial to demonstrating compliance and reducing data protection related risks to your organisation.

2. Only Collect and Process What is Necessary

Under the GDPR, organisations must have a specific and legitimate reason for collecting and processing personal information. The data can only be used for specific purposes and must not be processed for any other use, unless the data subject has provided their explicit consent. Any data collected must be limited to only what is necessary to achieve those specific purposes.

This means that your organisation should assess and identify the types of personal data that needs processed in order to keep staff safe. For example, is it necessary to conduct temperature checks as employees enter the office? Should contacts of an employee who tests positive for Covid-19 be notified? Your organisation can’t just collect personal data on the off chance that it might be useful in the future, there must be clear objectives as to why this data is being processed. If you can demonstrate that your approach is reasonable, fair, and proportionate to the circumstances, then it is unlikely to be unlawful.

GDPR Compliance Temperature check

3. Be Transparent

When processing personal data, you must be open and honest about what you are doing with it. For example, if your organisation needs to implement testing for employees or you have to collect data for contact tracing purposes, you must be transparent and make certain information available to these individuals. Employees have the right to know why you need this data, what you intend to do with it and who you’re going to share it with.

It’s best to have this information written down in a document known as a privacy notice. A privacy notice is one of the key documents you will have to produce if you process personal data, in order to comply with the GDPR. Essentially, it explains how you collect, process, and use people’s data. Your existing privacy notice may already outline what information can be collected and processed during a health crisis, but this may need to be updated to reflect any new data processing activities that are being undertaken during the current Covid-19 pandemic.

4. Keep Information Secure

GDPR Compliance Keep Information Secure

Any personal data you hold must be kept securely and only held for as long as is necessary. A retention policy will help determine when personal information needs to be reviewed, deleted or disposed of. Physical records should be locked away to prevent data breaches, and appropriate security measures should be in place to secure personal data that is stored digitally.

Despite the rapid transition to remote working, the ICO has stated that organisations should be adopting the same kind of security measures that they would use under normal circumstances. To prevent any personal data breaches and reduce the chance of a costly cyber attack, it’s important you maintain the security of systems, software, and remain vigilant to Coronavirus related cyber threats. Employees will also need to be educated on evolving threats and trained on how to use the new security tools and processes that will enable secure remote working.

Additionally, organisations are still legally bound to disclose any personal data breaches to the relevant supervisory authority within 72 hours of detection.

5. Respect the Rights of the Data Subject

Despite operating in exceptional circumstances, it’s crucial your organisation informs individuals about their rights in relation to their personal data. The GDPR provides the following rights for individuals:

  • The right to be informed – Individuals have the right to be informed about the collection and use of their personal data.
  • The right of access – Individuals have the right to access their personal data and any supplementary information. They can request a copy of all information held on them and it should be provided free of charge and within one month of the request being lodged.
  • The right to rectification – Individuals can request that any inaccurate personal data is rectified.
  • The right to erasure – Individuals can request to have their personal data erased. The right to erasure is also known as the right to be forgotten.
  • The right to restrict processing – In certain circumstances, individuals can request that further processing of their data is restricted. When the processing is restricted, you have permission to store their personal data but not use it.
  • The right to data portability – Individuals can obtain and reuse their personal data for their own purposes across other services.
  • The right to object – Unless there are legitimate reasons for processing an individual’s personal data, they retain the right to object to processing.
  • Rights in relation to automated decision making and profiling – The GDPR has provisions on automated individual decision making. This reduces the risk of any adverse decisions being made without human intervention.

If your organisation has implemented symptom checking or testing, there are additional requirements you will need to follow. These include identifying a lawful basis for using the information you collect and conducting a DPIA if health data is being processed on a large scale.

GDPR for Dummies

Other Articles on Cyber Security Awareness Training You Might Find Interesting