The EU’s General Data Protection Regulation (GDPR), approved by the parliament in 2016, is the most important change within data protection regulation in 20 years. It replaces the Data Protection Directive 95/46/EC and is designed to give back the user control of his data and harmonize data privacy laws across Europe. This will protect and empower all EU citizens’ data privacy and reshape the way organizations across the region approach data privacy. All companies doing business with individuals located in the EU must comply with the provisions.
As the provider of Europe’s largest learning platform, with more than 20 years experience working with many of Scandinavia’s and Europe’s leading education institutions, we are taking all necessary steps to comply with GDPR, well in time for the new regulations in May 2018.
We are fully committed to complying with the privacy and security regulations which are applicable to our organization, our partners and our customers. Our system and services are designed to the ground to protect personal data, and we constantly update our platforms and services to maintain the highest level of data protection.
Our work towards GDPR compliance started in early 2017 with a complete audit against the legislation, which defined the milestones needed to comply with the new regulations.
The following customer-facing milestones have been identified:
- Appointment of a Data Protection Officer – Q3 2017
- Update documentation with new processes regarding the usage of personal data and the security measures around it – Q4 2017
- Implement the technical solutions to comply with GDPR – by start of year 2018
- Update customer and third-party Data Process Agreements – end of Q1 2018
- Internal control processes in place to ensure that we will continue complying and improving after the 25th of May and onward
What does it mean for you?
As an itslearning customer, it means that during the start of 2018 you will get the information necessary to feel confident that itslearning complies with GDPR. itslearning, as a processor of data, has the duty to provide information about our systems to allow all controllers to comply with the new regulations.
If you are an itslearning user, it means that we will take all the necessary measures to protect your data and that you will be able to find out what information we have about you.
As a service provider we welcome the GDPR as a great opportunity for our organization to re-assess digital strategy and build better services for our customers. All our clients and customers can be assured that we will fulfill all our obligations, both in regard to developing our system solutions and in regard to storing and protecting personal data according to the new regulations.