Posted May 25th 2018
Enforcement of the European Union’s (EU) General Data Protection Regulation (GDPR) rules came into effect on May 25, 2018. While there’s a ton of info available about GDPR itself, it’s important as a Wyzed administrator to know how your learning system could be impacted by this unprecedented data privacy regulation.Simply speaking, if any of your learners (employees, partners, and customers) are located in the EU, you’ll have to make sure any data collection and processing activities performed within your system are compliant with the regulation, even if your organization isn’t based there. Non-compliance comes with a big price tag, so we’re here to helpmake GDPR compliance easy and effective.
What is the purpose of the GDPR?
The GDPR’s purpose is to strengthen the rights of EU citizens with regard to how their personal data is used and how it’s protected. The legislation introduces robust requirements that elevate and harmonize standards for data protection, security, and compliance across the EU.
Personal data is any information that relates to an identified or identifiable natural person (data subject), such as:
– Name – identification number – location data – online identifier – other specific factors (related to the physical, physiological, genetic, mental, economic, cultural or social identity of that person)
Data Controller vs Data Processor
What does the GDPR specify for data controllers?
GDPR intensifies the standard for disclosures when obtaining an end-user’s consent, which must be “freely given, informed and unambiguous.”
Good Privacy Practices
The GDPR introduces also the of the concepts ‘Privacy by Design’ and ‘Privacy by Default’.
Privacy by Design holds that organizations need to consider privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal data.
GDPR and Children under 16
The GDPR takes the data of children under the age of 16 especially seriously. Essentially, personal data of a person under the age of 16 cannot be stored in your learning system without firstly obtaining parental consent. Wyzed provides a means by which to ask a user upon signing up if they are under the age of 16, but it does not provide a means of obtaining parental consent. Obtaining this consent is the responsibility of the data controller and you will need to implement procedures to ensure consent is obtained prior to a child joining your learning system, or prior to creating an account on behalf of a child.
How Wyzed Can Help You to Comply
We want to make it as easy as possible for you as the data controller to comply with the GDPR regulations. We provide you with three simple means of complying:
Although we have made all attempts to ensure the accuracy of the information we provide, it cannot be considered legal advice and further clarification should be sought to ensure your organisation’s compliance with local and international regulations.