Skip to content
Lise Carlsen Nov 24, 20233 min read

Guardians of Privacy: How itslearning protects your data

Translation generated by an AI translation service

Schools and universities collect and process vast amounts of personal data from students and staff, and they need to ensure that this data is protected from unauthorised access, misuse, or loss. GDPR compliance is essential, not only because it helps prevent security incidents, but it ensures that data processing practices are responsible and efficient. If an educational institution is being deemed non-compliant, they can face financial consequences as well as potential loss of reputation. Higher Education providers may be even more sensitive to damages to their reputation as this may affect the student’s decision of where to apply. 

While Data Privacy laws isn’t anything new in Europe, making sure the institution is GDPR compliant can be a daunting task. Schools and universities often rely on external providers for various functions, such as learning management systems, cloud storage, or email services. These providers act as data processors, meaning that they process personal data on behalf of the data controllers (the schools or universities). Under GDPR law, data controllers are responsible for their own compliance as well as that of processors. As such, it’s essential that data controllers are aware of the security practices when using digital platforms. The task of ensuring data security in every link of the chain becomes a lot greater if the institutions employees use a lot of different systems. With the itslearning LMS, you can enjoy the benefits of an all-in-one solution that is ISO 27001 certified. This means that your data is secure, and your service is reliable.


GDPR is in our DNA  

As a European LMS provider we are used to consider data privacy in everything that we do. Data Privacy and security are always in the forefront of our mind. When we create a new solution or introduce a new integration in our platform, we follow a data privacy checklist, considering questions such as; Does this functionality require new data, or will it require us to process the data differently? Data privacy is often an afterthought for technological companies based in regions where GDPR compliance is not a common practice, such as the US. 


What does this mean to our customers? 


itslearning only process customer data in the EU/EEA

Customers can be confident that we manage their data correctly, both for themselves and their users. itslearning does not share user data with third parties without instruction from our customers. We take responsibility to keep your data safe in the whole chain. We conduct thorough impact assessments on all our partners, and don’t use any sub-processor that isn’t up to European GDPR standard. Although it’s not forbidden for personal data to flow outside the EU, itslearning only process our customer data within the EU/EEA.

itslearning is ISO 27001 certified

itslearning is one of the first learning platform providers to fully adhere to GDPR requirements. We are ISO 27001 certified which means which means we have a comprehensive security infrastructure that is verified by independent auditors. The certification is also our promise to undertake continuous risk assessment and upgrades to enhance information security. We test our platform regularly for any security vulnerabilities and fix them as soon as possible. We encourage anyone who finds a security issue to report it to us responsibly.

Customer support

The itslearning team is highly skilled in GDPR and can support our customers in answering legal requirements. Amongst other things we can assist our customers in their Data Protection Impact Assessment (DPIA). In this assessment the customer is required to provide an overview of which data they collect and how it’s managed. 

Ease of mind

Our LMS empowers educational institutions to provide a safe and secure environment for employee and student data, while prioritising efficient school management, administration, and education.  itslearning makes it easier for education providers to stay GDPR compliant by conducting thorough impact assessments on all sub-contractors and processing user data within the EU/EEA. This saves time and resources for the school and allows them to focus on their core educational activities.