Learning Management Systems have become an integral part of the eLearning design and development process in many organizations. With their advantages ranging from efficient training and development of employees to better data management inside an organization, LMS has become the big thing in today's fast-paced work environment.
But did you know that whether you use a self-hosted, private cloud, or cloud-based LMS, if your users are based in the European Union (EU), the LMS must be compliant with the GDPR?
What is GDPR?
GDPR stands for General Data Protection Regulation, the latest data protection law adopted by the European Union. It replaced the outdated Data Protection Directive from 1995 to ensure that EU citizens are protected from privacy and data breaches.
In short, GDPR regulates & monitors the way the personal data of EU citizens are handled by organizations, companies & individuals, and gives EU citizens full control to decide how their personal data will be used.
As per GDPR, businesses are obliged to let their customers know why they are collecting personal data and what they plan on doing with it. They also need to ensure that customers have access to all their data that is being stored and the ability to correct any inaccurate information and limit the use of decisions made by algorithms.
What types of privacy data does the GDPR protect?
Here is the list of data that are bound by the GDPR:
- Basic identity information such as name, address, age, and ID numbers
- Web data such as location, IP address, cookie data, and RFID tags
- Biometric data
- Racial or ethnic data
- Political opinions
What does GDPR mean to LMS users?
As an LMS user, your learning activities could be impacted if any of your students, users, employees or customers are located in the EU. For that reason, all the data that is stored within the LMS needs to be compliant with this regulation.
Contrary to popular belief, GDPR is not just for companies registered in the EU. Instead, it is for every organization offering goods & services to customers in the EU. If your organization uses an LMS and any of your users, employees, or customers are in the EU, you must use a GDPR-compliant LMS provider.
Non-compliance with the GDPR requirements can cost you up to €20 million in fines or 4% of your company's worldwide annual turnover of the previous financial year, whichever is higher.
Things to consider when hiring a GDPR compliant LMS Provider
Ever since the GDPR law went into effect on May 25th, 2018, companies have been responsible for ensuring that their LMS handles their employee & user data responsibly.
Today most LMS providers are GDPR compliant. However, if you are still not satisfied, here is a checklist for you to make sure they are indeed GDPR compliant:
1. Data Capture and Storage
The responsibility of an LMS provider is not limited to storing user data securely; it also includes storing that data in a presentable and easily accessible manner for customers to access.
2. Accessibility and Portability
The new GDPR makes it mandatory that users who engage with an LMS platform must have transparency and access to their data from mobile & desktop devices.
Users should also be able to view/download their data in an accessible file format.
3. Data use authorization
With data privacy at the heart of GDPR, a compliant LMS should ask users for authorization before collecting, storing, or using their data.
4. Right to be forgotten
A GDPR compliant LMS should allow the users to request the permanent deletion of their personal data.
5. Policy Report
The LMS should provide administrators/data controllers, on demand, with a complete report on who has accepted the terms and conditions and who has not, and who has given authorization to use their data and who has not.
6. Right to Object
A GDPR compliant LMS must give its users the right and a mechanism to object to their personal data being used for marketing or research. Similarly, the LMS should also give the users the reasons why you are collecting their data in the first place.
While we have listed the features of a GDPR-compliant LMS, you need to know that compliance also depends on how the platform is used.
Is BrainCert LMS GDPR Compliant?
Yes, BrainCert Learning Management System is GDPR compliant & our platform has all the GDPR compliant features mentioned previously.
BrainCert is fully committed to ensuring maximum privacy & data security to the users of our platform. If you have any questions on GDPR compliance or about BrainCert's LMS platform, feel free to get in touch with our customer service team or schedule a free demo today.