Mettls GDPR Readiness

Our Commitment to Ensure Complete Transparency and Build Trust

What is GDPR?

The European Union has taken monumental steps towards ensuring the fundamental right to privacy for all EU residents through the General Data Protection Regulation (GDPR) which comes into effect from May 25, 2018. The GDPR empowers EU residents by placing them in control of their personal information and upholding strict protocols for organizations who collect and process this information.

Whom does it impact?

Any organization - whether private business or public authority, irrespective of the location - that collects, stores or shares personal data of EU residents will need to comply with the GDPR in the interest of preserving fundamental rights of EU residents. Non-compliance could lead to heavy fines. This affects businesses that deal directly with the personal details of EU residents (data controllers) or those that process the data on behalf of other businesses (data processors).

What Mettl has done for GDPR readiness?

Transparency and trust are Mettl’s core values and we are committed to our customer’s data privacy and security. The GDPR aligns with this vision and we have improved our existing systems and processes for GDPR compliance.

With a clear mandate and business priority from our management team, Mettl has formed a dedicated cross-functional Compliance Team which has defined our GDPR roadmap. As of 25th May 2018, we are GDPR compliant and we continue to further improve our systems and processes in this regard.

Here’s some brief information about our approach to GDPR compliance:

Organizational Readiness

Product Readiness

We, at Mettl, see GDPR as an opportunity to reinforce our values of transparency and customer focus. These values are driving us to build robust systems, ensuring our customers data privacy and their trust.

Siddhartha Gupta

Chief Executive Officer


Any data identifying with a living, distinguished or identifiable individual constitutes personal data. It can be anything from a name, a photograph, an email address, bank details, medicinal data or an IP address.
A controller is the entity that decides the reasons, conditions and methods for processing of personal data, while the processor is an entity which actually stores and processes personal data on behalf of the controller. Both Controllers and Processors of information need to comply with the GDPR.
GDPR with its objective to expand the data privacy rights of individuals in various imperative ways, subjects both data controllers and processors that fail to comply with the GDPR requirements to potentially heavy fines.
No, the GDPR does not require EU individual information to remain in the EU, nor does it put any new confinements on exchange of personal data outside the EU.
Data Transfers from the EU to outside can be legitimized through various means including:
  • EU-US Privacy Shield
  • Model or Contractual clauses
  • Binding Corporate Rules (BCR)
Mettl online assessment © 2010-