GDPR stands for General Data Protection Regulation; it has been formulated in the EU (European Union), and deals with privacy and protection of personal data for all persons within the EU and the EEA (European Economic Area); it also deals with the export of this data outside these areas. The objective of this regulation is to allow individuals to have complete control over their personal data, as well as to integrate the regulation within the EU and ease the regulatory framework for international business. This regulation replaces the Data Protection Directive. The GDPR contains several requirements and provisions with regard to the handling of personal data of individuals – previously referred to as data subjects in the GDPR – within the EEA; it applies to an organization established within the EEA, or any organization that deals with personal data of individuals who live within the EEA, regardless of the location of that organization, or of the citizenship of those individuals.
The GDPR states that:
- Those who handle personal data must ensure the implementation of data protection principles
- This can be done through implementing technical or organizational measures
- Any business process that handles personal information must be designed keeping in mind these principles
- Adequate safeguards must be provided for data protection – like providing pseudonyms or complete anonymity
- The default privacy settings must be set to the highest possible to prevent the data from being publicly available
- The explicit and informed consent of an individual must be obtained before identifying an individual
- Personal data may be processed only as per a lawful basis as stipulated by the GDPR, OR if the individual has provided a clear, individualized affirmation of consent to the data handler
- The individual data subject has the right to take back (revoke) this given consent at any point in time
- The personal data processor must explicitly reveal any and all data collected and mention the lawful basis for which it was collected, as well as the purpose, and the time frame for which the data will be retained
- If the data will be shared with any third party outside the EEA, full disclosure has to be made to the individual right at the beginning
- Individuals whose data is collected have the right to ask for a copy of the data collected by an organization
- Individuals have the right to ask for their data to be deleted under specific circumstances
- Any organization or business whose core activity revolves around regular collection and handling of personal information is mandated to have in their employment a Data Protection Officer who will be held responsible for meeting full compliance with the GDPR.
- Any data breach that occurs and has the potential to impact user privacy negatively must be reported by the organization within 72 hours; non-compliance may result in a heavy fine of 4% of the company’s annual turnover in the previous financial year, or €20 million, whichever is higher.
The GDPR is law and hence directly binding; it came into force on May 25, 2018.
So what does this have to do with a learning management system tool? If anyone within the EEA purchases an LMS solution and uses it for training within the EEA, the GDPR becomes binding on them because the LMS will obviously record personal information of the trainees.
At IPIX, we have over a decade’s experience in LMS application development; we have now created LMS software that integrates different capabilities like ecommerce, mobile, social, and classroom. It is a secure platform, and can be adapted to suit the specific requirements of an organization. Our LMS application can be used for training employees in an organization, through native Android or iOS apps. You can monitor the development of your employees and understand how well your organization is progressing.
The IPIX LMS lets you create an unlimited number of custom courses using different tools like PowerPoint and more, and you can easily manage vast training programs that include thousands of learners. It provides quizzes to help retention, and robust reporting features that let you measure the performance of individual employees as well as that of an entire batch. The learning management software developed by IPIX has clearly defined roles to control different access levels to account settings, content, groups and billing.
All of the above require personal information of employees, like name, age, contact details, educational qualification, designation, and so on, to be recorded in the system. At IPIX, we are sticklers for compliance and adherence to regulation; we have taken every conceivable step to ensure that the personal data of any individual that is recorded in the LMS cannot be used by us or by the company without the express, explicit and unambiguous consent of each individual learner who is part of the system. So regardless of whether you live in the EEA or anywhere else in the world, you can safely implement IPIX LMS in your organization – your data is 100% safe and protected.
If you want to use an online learning management solution for your organization, simply get in touch with us. We’ll be happy to explain in detail about how it works, pricing packages, and more.