Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

What is Valid GDPR Consent?

title 1

about the author

Share this post

The landmark legislation has changed the way organisations approach data privacy and put consumers back in the driver’s seat, giving them a greater control over how their data is stored and processed.

When the GDPR came into effect on the 25 May 2018, it signalled the biggest shake up of data privacy laws in 20 years.

The legislation was introduced to reflect our increasingly digitalised world and recognise the rights of individuals with regards to the use of their personal data.

Pretty much every service we use, whether it’s a social media platform, retailer or bank, will collect, analyse and store our personal data. Under the GDPR, organisations are now duty bound to demonstrate they are handling this data lawfully, fairly and in a transparent manner.

The EU defines ‘Personal Data’ as any information that can be used to directly or indirectly identify an individual (data subject). This can include everything from a name, email address, IP address and images. It also includes sensitive personal data such as biometric data or genetic data which could be processed to identify an individual.

Processing personal data is generally prohibited unless it’s been permitted under applicable law or the data subject has consented to the processing. However, consent is just one of six legitimate purposes that are required for all processing of personal data.

Valid GDPR Consent

Under the GDPR, ‘lawful processing’ is only possible when:

  • There is consent from the data subject
  • Processing is necessary for the performance of a contract with the data subject
  • Processing is necessary to comply with a legal obligation
  • Processing is necessary to protect the vital interests of a data subject or another person
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise official authority vested in the controller
  • Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where interests are overridden by the interests, rights or freedoms of the data subject

What is consent?

what is consent under GDPR

Consent is a way of building trust between a user and an organisation. As defined by the GDPR: “Consent is a freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or a clear affirmative action signifies agreement to the processing of data relating to him or her.”

Consent is defined as being fairly narrow from a GDPR perspective. For instance, if a user supplies consent for their data to be used for the purpose of a cyber fraud detection and their data is later used for marketing purposes without their knowledge or choice, then that is a violation of the personal privacy of the data subject.

Also consent forms cannot be embedded in length terms of service agreements. To ensure transparency, consent forms must be separate, specific and explicit in nature.     

What Makes Consent Valid?

GDPR valid consent

When consent is required to process personal data, the following conditions must be met in order for that consent to be valid:

1. Consent needs to be freely given

For consent to be freely given, the individual must be able to choose whether or not they want their data processed. If the individual has no choice in the processing if this data, then consent is not freely given and will be deemed invalid. The individual should also be able to refuse consent without any negative repercussions and have the ability to withdraw their consent at any time. Consent should be unbundled from other terms and conditions where possible.

2. Consent needs to be specific

Consent should be specific to the actual purposes for which the data will be used. As specified by the GDPR: “obtaining valid consent can only be done after the data controller has determined a specific, explicit and legitimate purpose for the intended processing activity.” When the processing has multiple purposes, consent must only be given for the purposes based on consent.

3. Consent needs to be informed

For consent to be considered valid, the individual needs to know:

  • The identity of the organisation processing the data
  • The purposes for which the data is being processed
  • The type of data that will be processed
  • The option to withdraw consent

4. Consent needs to be unambiguous

Consent should be given by a clear affirmative act so that the wishes of the individual are clear. The request for consent needs be in clear and plain language, intelligible and easily accessible. This could be by a written or oral statement. Silence, pre-ticked boxes or inactivity do not constitute valid consent.

What are the rules on children’s consent?

Parental consent is generally required for those under 16, although the ages required for consent vary by EU participating country. In addition, reasonable efforts need to be made to verify the identity of the person providing the consent on behalf of the child.

The process of consent may be stricter under the GDPR, but it provides organisations with the opportunity to develop greater levels of trust and transparency with their customers.

MetaPrivacy has been designed to provide the best practice approach to data privacy compliance. Contact us for further information on how we can help your organisation improve its compliance structure.

Further Reading:

How GDPR will affect the right to be forgotten

The Top 5 GDPR Myths

Five ways your business can benefit from GDPR

DISCLAIMER: The content and opinions within this blog are for information purposes only. They are not intended to constitute legal or other professional advice and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances, the Data Protection Act, or any other current or future legislation. MetaCompliance shall accept no responsibility for any errors, omissions or misleading statements, or for any loss which may arise from reliance on materials contained within this blog.

Other Articles on Cyber Security Awareness Training You Might Find Interesting