With GDPR taking effect at the end of this month, organisations need to make sure that their LMS supports GDPR compliance. GDPR affects every organisation that operates within the EU, whether they are based inside the EU or not, meaning that this affects many global organisations. The risks involved if you fail to comply with GDPR can be catastrophic for many businesses, ranging from significant financial fines to serious reputational damage associated with not protecting users’ personal data, making it essential that you’re prepared before the deadline on 25th May 2018.
We knew that supporting GDPR would be a major priority for lots of our partners and customers, which is why we decided to release a special version of our LMS, Totara Learn 11, to support our subscribers who need to comply with GDPR. In this post, we’ll give a quick outline of what’s in the latest version so you can be confident that you’ve chosen an LMS that supports GDPR.
Create a site-wide use policy
When your end users access their learning via Totara Learn 11, you can set up a site-wide use policy that they must review and agree to or decline. All responses are recorded within the system, with versioning to allow you to update policies as required and see who has agreed to which version of the policy. Users can also visit a dedicated site policy page and amend their agreement if necessary. It is also possible to give access to multiple translations of the same policy, which is especially useful for diverse global teams.
Access and export data
With Totara Learn 11, administrators have the ability to export all data linked to a given user, and if the administrator creates an export type allowing users to export this data themselves, then the user can also request or download the file. They can also review the data prior to transmitting it to the individual. This export file allows the individual to review the type of personal data processed within their Totara Learn site and reconcile this with their version of the site policy. This may include data such as quiz answers, 360° feedback responses, course enrolments, progress and completions, site logins etc. With Totara Learn 11, the user will be able to see exactly which data is being stored and processed, giving them better visibility of their personal data use.
Totara Learn 11’s data export feature gives you the ability to provide all user data in a consistent format that allows for porting of data. It is also possible to export key learning data in a more human readable format via Totara Learn’s report builder and record of learning areas.
Retaining and deleting data
In Totara Learn 11, administrators have the ability to create and manage multiple ‘purge types’. Each purge type has its own configuration, meaning you can specify the retention, deletion and anonymisation requirements of various user data types throughout your platform. Users may have purge types applied to their accounts so that their data is processed in accordance with your organisation’s data retention requirements.
Along with these important GDPR updates, there are also several more improvements to Totara Learn 11. These include improvements to the management of scheduled reports with better insights and more control, easier graphic-based navigation with featured links and new activity access restrictions for more targeted, personalised learning.
Thinking about upgrading to Totara Learn 11? Why not download our info sheet which covers everything you need to know about the latest version? You can also download our free HR guide to GDPR for a more in-depth look at the upcoming regulation.