By now, you’ve heard of GDPR (General Data Protection Regulation). It’s a regulation in EU law on data protection and privacy for all individuals within the European Union and is a considerable improvement over the older Data Protection Act.
So if you are operating in the EU, partly or entirely, you may want to pay close attention to GDPR. With a few days to go, we’ve put together a brief guideline to assess your LMS or eLearning software for compliance.
What Does It Mean To Be GDPR Compliant?
Before we go any further, what exactly is GDPR? It is a major update on the outdated 1995 Data Protection Law that was designed to protect customers’ use of data and privacy online. This led the EU to draw up and approve the new and improved GDPR. With GDPR, businesses must do all they can to protect the personal data of their users within the EU and all member states, and make use of that data responsibly. So how do you make your LMS GDPR compliant?
Checking your LMS for GDPR Compliance
Confirmation of Consent
Building a list of customer names, contact details and other particulars without explicit and informed consent is bad practice, but with GDPR it becomes illegal. You can no longer assume that silence is consent. You are also required to ensure that consent is specific, referable and unambiguous at any time that new data is added.
Responsible And Justified Data Usage Within LMS Products
In some cases, systems designed and built without data protection in mind tend to use or hold data for longer than necessary, and sometimes indefinitely. Data which does not need to be stored, especially without clear consent from your LMS users and customers, must be addressed. This means out-dated data flows would need to be redesigned or optimised to be made more efficient.
There are two things to keep in mind:
1) Assess Data Portability: This is required for LMS or eLearning software products that require data to be transferred across platforms. It renders illegal non-compliant methods of transferring or tracking data, such as storing user data in Word documents or spreadsheets. It also means that data transfer from one database to another must be done responsibly.
2) The Right To Be Forgotten: This means that any piece of user data must be trackable and easily located when the owner of that data wants it deleted. Data deletion is handled in the form of a formal request made by the user. The user also has the right to a data dump (direct download of all their data and various uses over time) together with its history of use.
When Buying Your Next eLearning Software, Look Out For This:
It’s crucial to understand that you as the customer (e.g. a hospitality company owner who is looking to implement an eLearning tool within the company) are also responsible for ensuring that any software, or usage thereof, is GDPR compliant and that your employee data is being handled responsibly.
Understand User Profiling
GDPR is designed to safeguard against misuse or misinterpretation of user data. In an eLearning solution like Innform, it becomes fundamentally important to not only source the right information from the system but also to interpret that data correctly: essential for management, and important for the safety of the user.
Ask your LMS or eLearning provider how their system uses data and in which formats
The revised GDPR, which comes into effect on May 25, protects customer data but also goes a step further. Data formats also need to be compliant. Furthermore, any data handler within your training team must ensure good handling and management of data. This means any user data inputted into your LMS system should be transparent, readable and organised logically – in such a way that users can understand it and manage it themselves. This extends to reporting and data visualisation.
This is potentially one of GDPR’s most long-awaited improvements. For far too long, out-dated LMS systems generated reports or user performance data that was difficult for managers to read, let alone learners! A succinct and logical presentation is not only GDPR compliant, but also leads to a better and faster user experience.
Evaluate The LMS’ Data Portability
With the introduction of GDPR, learners using eLearning tools like Innform have transparency secured – this means all of their data must be accessible via mobile device or desktop at all times. This means that your learners have the right to access their data how and when they choose to.
By extension, the LMS must have a two-way feedback system of some sort to ensure that data is indeed accessible on time, in the right formats and on the right platform. When this is not the case, your LMS provider must prioritise an amendment to guarantee this access.
GDPR is coming, but Innform is ready! 🙂
GDPR can sound daunting, if not a tad scary. But with all the above guidelines in mind, and with companies out there making the right adjustments to protect employees’ data, it is certainly a step in the right direction.
At Innform, we embraced GDPR and made it part of our DNA from day one. Everything from marketing to data flows within the tool itself has been designed with GDPR values at its heart. So we’re ready to train employees responsibly, and we hope to see you trying out Innform Beta in July!