GDPR Software Compliance: Why It Matters for LMS

What is GDPR?

What is LMS GDPR? Let’s start with GDPR. It stands for General Data Protection Regulation, a wide-ranging series of reforms adopted by the European Union (EU) that are designed to protect its citizens’ privacy and give them more control over their personal data. Companies entrusted with the collection and analysis of consumer data must protect it from exploitation or abuse, or else pay a substantial fine.

A secondary aim is to streamline and simplify regulations that made it more difficult for people and companies in the European Union to participate in and benefit from the online economy. The decision to strengthen and standardize privacy protections across the EU is a response to the widespread collection of consumer data by social media and financial companies, retailers, and government agencies, among others. GDPR also spells out the data protection duties of companies and organizations that may have customers in EU nations despite having no physical presence there. Essentially, this means that most if not all companies that sell products or services over the internet need to be in compliance with the GDPR regulations.

What Does it Mean to Have a GDPR Compliant LMS?

Now, let’s get into how GDPR applies to an LMS. Think of all the companies and organizations that use a learning management system, or LMS, as the training and learning portal for their employees. If any of their employees, partners, customers, or end users happen to be based in the EU, these companies must ensure that their LMS meets all of the legislation’s privacy protocols and data protection standards. In other words, any and all activity that occurs within your LMS must be in compliance with GDPR. If your company is using an LMS vendor that is not in full compliance with GDPR, significant fines could follow.

Understanding Personal Data as it Applies to GDPR

Under GDPR, personal data is defined as any information pertaining to an identified or identifiable natural person. Identifiers include name, identification number, location, and online profile, among other factors. In other words, only verifiably real people have data protection rights under GDPR – which is as it should be.

The Handling of Personal Data Under GDPR

GDPR includes some new terminology. Privacy by Design, for example, means that from the very outset, companies need to build privacy protections into the design of all products and services. Privacy by Default is the idea that the default setting for all products must be the one that offers the highest privacy protections.

The legislation stipulates that a company’s data controller must have privacy agreements in place with any third parties who plan to use customer data that was originally collected by that company. The data controller is also obligated to report any violations or breaches of personal data within three days. GDPR also mandates that data subjects, or consumers, must be notified directly if there is a possibility that their rights have been violated.

Our Security Infrastructure

Doing everything in our power to help ensure that our customers’ personal information and privacy are protected is a responsibility that World Manager takes very seriously. Maintaining our customers’ and partners’ security and privacy is what keeps us up at night and it is the reason why we continue to make GDPR compliance a cornerstone of our company. It’s a non-negotiable.

As part of World Manager’s GDPR readiness project, we hired independent information security experts to conduct a Privacy Gap Analysis against the General Data Protection Regulation for the World Manager platform. This analysis concluded that World Manager is a data processor as opposed to a data controller, which comes with a different set of obligations. The data controller decides how and for what reason the company will acquire and use the personal data while the data processor is typically a third party who administers the data under the auspices of the controller.

Based on the results of the Gap Analysis and other expert recommendations, we took a number of measures to strengthen World Manager’s security infrastructure and ensure we are in full GDPR compliance. These steps included:

  • Updating our privacy policy and brand agreements so they are in alignment with GDPR compliance protocol
  • Identifying any gaps in our internal documentation processes that could have privacy implications
  • Developing an Incident Response and Notification Plan. If ever we discover a threat to your privacy or a violation of GDPR, this plan spells out the specific steps that we will take. This plan speaks to World Manager’s commitment to promptly notify relevant authorities and end users in the event a security breach or other vulnerabilities are detected
  • Conducting LMS GDPR training for all World Manager employees and partners so they are clear on data security and privacy protocol
  • Ensuring that our hosting provider, Amazon Web Services (AWS), has met full GDPR compliance

Most of all, we want our customers, partners, and employees to know that World Manager takes GDPR software compliance very seriously. If your company is currently seeking an LMS provider to consolidate and streamline your employee training programs, make sure to ask if they have achieved full LMS GDPR compliance.

Disclaimer: This information is meant to provide general guidelines and should be used as a reference. It may not take into account all relevant local, state or federal laws and is not a legal document. Neither the author nor World Manager will assume any legal liability that may arise from the use of this information.