The GDPR comes into effect on May 25, 2018. Here at NetDimensions, we’re busy getting ready to meet GDPR LMS requirements. But how ready are you?
If you’re reading this, then you probably know that the GDPR is a major update to European data protection laws. The GDPR will affect businesses around the world given its very wide reach and applicability. It regulates when both ‘data controllers’ and ‘data processors’ are allowed to process personal data, and which safeguards need to apply to such processing.
Many organizations impacted by the GDPR will already have their preparations well underway, but reports suggest many others are still unsure what steps to take to become compliant.
As an L&D professional, it’s critical to analyze and capture your organization’s approach to learner data management and storage. You should also review your LMS to identify the features and functionality that will help you meet GDPR LMS requirements.
If you’re struggling to get started, here are the key questions to ask:
- What personal data does my LMS hold?
- What are my organization’s current practices for capturing and storing learners’ personal data – and how are they documented?
- How easy is it for me to edit, delete or export user data out of my LMS?
In NetDimensions Talent Suite, we already have a wide range of features and tools that will help you meet GDPR LMS requirements. Plus, we’re currently working on updates that will make GDPR compliance even easier for our users.
Under the GDPR, data controllers (your organization) will need to clearly communicate to data subjects (your learners) the terms and scope of any personal data collected and stored in your LMS. Depending on the legal basis of processing, user consent may in certain situations be relied on as well.
These tools enable LMS administrators and managers to:
GDPR LMS requirements: Self-service data management
As part of the GDPR, learners have the right to access their personal data, and the right to rectification – meaning data must be updated where it is inaccurate or incomplete.
In NetDimensions Learning, learners can easily access, edit and delete personal data held by the system by going to the ‘My Profile’ and ‘User Administration’ tabs in the Settings area.
There is functionality to send learners a reminder to review their personal data. This reminder can be set to recur (for example, annually) to make sure personal data is regularly reviewed for accuracy.
NetDimensions Learning will soon also allow for extraction of a user’s personal data through a click of a button – more on that later.
GDPR LMS requirements: Data management tools
The ability to easily delete user data from your LMS will be critical under the GDPR.
Under the new regulation, employees have the right to erasure, also known as ‘the right to be forgotten’, meaning that in some cases all personal data held by an organization on a particular user must be deleted.
In NetDimensions Learning, there are a variety of tools and processes that can help, including a simple process to manage user data deletion.
When a learner leaves your organization, it’s likely you’ll need to retain their information in your LMS for a set period of time before deleting their data.
In NetDimensions LMS, you can set an account to ‘account closed’ and add an expiration date (e.g. for three months after the learner’s departure date). You can then run a report that flags all closed accounts where the expiration dates have passed – and then delete the relevant user data. You can delete user data in bulk too, making the whole process a lot quicker.
GDPR LMS requirements: What’s coming up…
NetDimensions is currently developing a range of additional features that will make meeting GDPR LMS requirements easier and more efficient.
These key features will be released in upcoming versions of NetDimensions Talent Suite:
- Fast, comprehensive user data export and delete functionality at the click of a button
- Targeted user data deletion and export according to a range of categories e.g. user career or exam data
NetDimensions’ commitment to data protection
While your GDPR preparations may focus on your role as a data controller of your employees’ data, you should also be verifying that your LMS supplier is adhering to their responsibilities under the GDPR.
As part of their hosting services, any cloud-based LMS provider takes on the role of a data processor under the GDPR.
NetDimensions is already compliant with GDPR data processor requirements, and as an ISO 27001 accredited organization, we have appropriately secure hosting practices in place to protect and manage our clients’ data.
Want to find out more about how NetDimensions can help you meet GDPR LMS requirements? Contact us today.