Demo Alert!

More than ever, companies need reliable data protection that is easy to implement, flexible, and scalable. Join us on September 21st at 2PM ET to learn about the power and simplicity of Metallic with a live demo of our Microsoft Office 365 and Endpoint backup and recovery solutions.

Metallic and GDPR Compliance

The General Data Protection Regulation (GDPR) is widely considered to be one of the most stringent privacy and security laws in the world.  The regulation was written and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target, collect or in any way process data related to individuals from the EU. The data protection framework introduced by GDPR laid out extensive rules on how to process data and defined obligations of those who process data. The regulation became applicable on May 25, 2018.

Metallic is committed to supporting our customers’ compliance with GDPR

  • Metallic prioritizes the privacy and security of the data we protect with our entire product suite: Metallic™ Office 365 Backup & Recovery, Metallic™ Endpoint Backup & Recovery, and Metallic™ Core Backup and Recovery.
  • When Metallic provides services to our EU customers as a data processor on their behalf, we will ensure that we comply with the specific requirements for data processors.
  • When we appoint third parties to act as sub-processors, we’ll also ensure that we have appropriate terms in place to comply with the GDPR and safeguard customers’ data.
  • Metallic is committed to making our products and services better every day, so our partners and customers can continue to use our services, with confidence, in a manner that supports their compliance efforts.
  • One of the aims of GDPR was to minimize the fragmentation of data privacy laws throughout EU. However, EU Member States in certain cases are still able to introduce national legislation to further specify the application of GDPR rules. In addition, GDPR is subject to interpretation by Data Protection Authorities and courts (e.g. by means of guidelines, decisions). We are closely monitoring all relevant developments around GDPR in order to provide solutions that enable our customers to stay on top of the ever-changing data protection compliance landscape.

Requesting the data processing agreement

In accordance with GDPR, our relation with customers (data controllers) is governed by the Data Protection Addendum (DPA). View Metallic’s Data Processing Addendum.


Contact our data protection officer

If you have questions about Metallic data processing practices, the Privacy Policy, or GDPR, feel free to reach out to our Global Data Governance Officer at GDGO@commvault.com.