The General Data Protection Regulation (GDPR) came into effect in January 2021. It is therefore important that european businesses adhere to all the associated requirements to ensure compliance when collecting, processing and storing personal data.
The range of data protection features and user data management tools included within Totara Learn assist in making your organisation’s learning management system GDPR compliant.
Ensure Users Are Aware of Their Obligations
With Totara Learn, you can create site-wide use policies for users to review and then agree to or decline. All responses to the distributed policy agreement are recorded within a dedicated report.
Such policies can be updated as and when required in line with organisational changes or amendments to regulations. The requirement to review or accept a new policy can be communicated to users at the point of their next login. As Totara Learn supports multiple languages, such policies are automatically translated and presented to users in their selected language.
Manage The Collation and Export of User Data
Different export types can be created and managed by administrators to clarify what data a user exports themselves and what data can be exported by administrators when it’s requested from them.
A variety of export types are available in Totara Learn to further guarantee GDPR compliance. Any incoming GDPR data requests can be processed simply and your users and organisation can be safeguarded against any accidental breaches, such as the unintentional exporting of sensitive data.
Totara Learn’s export files enable users to ascertain precisely what type of personal data is collected, processed and stored within their site and ensure this is reflected in their latest site policy consent.
Standardise The Deletion and Retention of Data
A number of data removal or purge types can be managed by administrators in Totara Learn and they can then be automated or implemented as and when required by users with the associated permissions.
To enable your organisation to balance GDPR compliance with all necessary reporting and auditing requirements, each data purge type has an individual configuration. These specify the retention, deletion or anonymisation requirements of different system user types.