How GDPR relates LMS

What is GDPR and How GDPR Affects to your LMS

GDPR stands for General Data Protection Regulation – probably the most significant piece of legislation introduced in the past two decades, with a view to protect and empower the data privacy of citizens in EU countries. It applies to all organizations that operate within EU and use personal data of those citizens.

What the GDPR says

The regulation came into effect from May 25, 2018, and requires that organizations must take explicit consent from individuals to collect and use an individual’s information; the consent must be lucid and discernible, easy to understand, and must be accessible as well. It further stipulates that these individuals should be able to withdraw this consent just as easily as they gave it. This means that companies have to ensure that personal data is handled as per law and with transparency, and for a specific purpose. Again, once the purpose is realized, the data must be deleted.

Penalty for Non-compliance

Heavy fines are levied on companies for data breaches and non-compliance of regulation. The fines could go as high as € 20 million, or 4% of their annual global revenue, whichever is higher. The regulation applies not only to companies operating within the EU, but all over the world – as long as you collect information from EU citizens, you need to be GDPR compliant.

What is Personal data?

This is any information that can be used to identify an individual – address, email, phone number, profile picture, account info, medical records, social media posts, bank details – and anything else that can be used to identify a person either directly or indirectly.

Top LMS Software solutions of 2018 which you can find and compare LMS software.

So what does this have to do with your LMS?

LMS Software

Every Learning Management System collects user data; if those users happen to live in the EU, it is critical that you are compliant with the GDPR. If your LMS vendor is outside the EU it does not absolve you or your vendor from compliance. Even if one of the users whose data is collected by the LMS is an EU citizen, they must ensure that they adhere to all the conditions specified in the regulation. It also gives users certain rights:

  • If the users want to know what information you hold about them, you must provide it to them – this could include evaluation records, attendance records, test scores, appraisal comments, and more.
  • If the user feels that there is some error or omission in that information, they have the right to get it rectified to reflect the correct information. The repercussion of this is that in case you have shared this data with a third party, it is your duty to inform the said third party about the rectification made.
  • They can object to having their personal data used for direct marketing, processing for research and statistics. You should present this right to the users at the outset; you also need to explicitly mention the reasons for which you will use the individual’s data.
  • The user can also restrict further processing of data you collect. For example, if the user feels that the wrong test scores are recorded, they can contest that entry. You will not be able to use that information for purposes of comparison or statistics – basically process it further, till the issue is settled.
  • Users will also have the right of data portability. If they want all their information for say, applying for jobs – the LMS provider needs to give it to them in a machine readable format, so that it can be easily used in another system

At IPIX Tech Solutions, we pride ourselves on being top of not just technological innovations, but the changing global regulatory and compliance environment. We strictly adhere to all regulations and compliance requirements – and you can trust us to be diligent and make judicious use of your personal information. If you’re looking for an efficient and reliable learning management system for your organization, you’ve come to the right place. IPIX LMS makes learning fun and engaging, and empowers your employees; it’s also GDPR compliant, so if you have a presence in the EU, you’ve got nothing to worry about if you use IPIX LMS. Get in touch with us today to know how IPIX LMS can be implemented in your organization.