GDPR - Security and data protection

Master International develops and runs the Metis digital assessment platform, providing professional HR assessments and tests as software-as-a-service for companies worldwide. We started preparing the organization and our already highly secure software platform for the GDPR more than one and a half years in advance, working with legal specialists and audit professionals.

At Master International, all systems and processes are thoroughly documented and verified, employees are educated in GDPR, and extensive control procedures are in place. We are audited annually by Deloitte according to the ISAE 3000 standard for GDPR compliance, to make it easier for test takers, business partners and customers to ascertain that we live up to our obligations and that data security is built into everything we do. We even extended the number of audit controls to include non-mandatory areas, to make sure that, for example, software development and the functionality of our software were also covered. Knowing that we will have to pass the audit annually moving forward keeps employees at all levels aware and committed, so that data protection continues to be at the core of everything we do.

For test takers

As a test taker, you interact directly with the company that invited you to take a test. That is, for example, your employer or a potential new employer, and sometimes an external consultancy or recruitment company. The company inviting you to fill in a test is the data controller for your personal data, and they are responsible for making sure that you understand the purpose of filling in the test and how your test result is used. They are also obliged to provide you with a copy of your test result, or to rectify or delete data registered about you if you request it. Master International is a data processor for our customers; we do not have access to your data or your test results. When we process your data, everything is completely automated, and you can be absolutely sure that your data is kept safe and is protected using the best physical and digital security measures in one of the world's most secure data centers.

For customers

Any company collecting or storing personal data from EU citizens is a Data Controller, and is legally responsible for what the data is used for and for ensuring that it is not disclosed to anyone else, intentionally or unintentionally. That means that your company's internal handling of personal data must be described, documented and verified, and that you must rely on the providers you use to take on responsibility for GDPR compliance. When you use the Metis assessment platform, Master provides you with a GDPR-compliant Data Processor Agreement (DPA) to simplify the legal setup. To make it easy for you to verify Master International's compliance, and thereby prove to your customers that you have a fully compliant workflow, we get audited annually by the well-known independent auditor Deloitte.

 

Data protection continues to be at the core of everything we do

Jesper Starch, CTO - Master International