Data, privacy and GDPR are hot topics right now. You’ve probably been inundated with opt-in emails and updates about privacy policies, a signal of the efforts organizations are making to protect your data. So, what is Elucidat doing? And what do you need to do to ensure your elearning courses are compliant?
At Elucidat, we’ve always been extremely diligent about looking after your personal data. We’ve always been fully compliant with the Data Protection Act in the UK, and the privacy shield in the US. But now, an important new piece of EU legislation is raising the bar even further: GDPR.
If you’re not sure what GDPR is, you’ll definitely want to get familiar with it as soon as possible. Non-compliance can mean fines of up to €20,000,000 or 4% of a company’s annual turnover, whichever is greater. GDPR comes into effect on May 25, 2018. TechCrunch has an explainer video about it if you’re completely new to this.
What is Elucidat doing to comply with GDPR?
Over the last six months, we’ve been working with external auditors to review every aspect of our business and every process involving personal data. We are ready for GDPR and can confidently say that your data is safe with us.
What does GDPR mean for you and your learners?
Any online learning platform you use is likely to store at least some data about you and your learners.
When it comes to Elucidat, we store:
- Usage data about your Authors, and what they are making; and
- Usage data about your Learners, and what they have done in your courses
Depending on what Elucidat options you have used, and how your LMS is configured, this means we could be storing personal data about individuals on your behalf.
In GDPR language, you are a Data Controller, and Elucidat is a Data Processor.
Bear with me – this is easier than it sounds.
If you are the Data Controller, you need to be clear with your learners on what data you are storing about them, why you are keeping it, and what rights they have. This is called a Privacy Statement (or Policy, sometimes Notice).
Unsure about whether you are the Data Controller or Processor? The ICO has a useful guide to key data protection definitions here.
How to make your elearning courses GDPR compliant
The first thing you need to understand is how your learners get to your courses. This is important, because you need to show your learners your Privacy Statement when they get started.
Learning Management Systems and GDPR
If your Learner gets to your course by logging into an LMS (Learning Management System), good news! The correct place to put the Privacy Statement is in your LMS. They should be shown the Privacy Statement when they log in or create an account.
In most enterprises, the team responsible for managing the LMS is different than the team creating the learning. If you’re in this second camp, there’s a good chance you don’t need to do anything at all!
Websites or Apps
The same is true if your learner gets to your course via a Website or App. In that case, the correct place for the Privacy Statement is in the App or Website itself.
However, if your learners log into your courses directly via an online release, then you should provide a Privacy Statement within your courses.
To help you with that, we have several resources available:
First – this video from our brilliant support team shows how to add a popup into your Elucidat courses to hold your Privacy Statement:
Second – below are some useful links to resources that will help you write your Privacy Notice (Please note that we are not qualified to give legal advice, so it is very important for you to get any text reviewed before use).
As a reminder, your privacy notice needs to tell people:
- who you are
- what you are going to do with their information
- who the information will be shared with
Read the ICO’s guidelines on what to include in your privacy notice. (They are much better qualified than us to give advice on this!)
The ICO also provides a really useful checklist to make sure you’ve got everything covered! See the checklist here.
If you have any questions about our GDPR support, or any of the details in this document, please do reach out to our superstar support team at firstname.lastname@example.org.