The most common misunderstanding when it comes to data privacy is that it is about what type of personal data you store. While the type of data stored by an application intuitively can seem either fine or invasive to your privacy, you cannot assess if a service is lawfully processing data just by looking at the data set. I often get questions around the European General Data Protection Regulation (GDPR), so have put together this short blog post to answer some of the more frequently asked questions.
When is data processing lawful?
There are six lawful reasons for processing personal data, but they all require a purpose.
Consent
Performance of a contract
Legal requirement
Legitimate interest
Vital interest
Public interest
A consent-based approach to lawfulness is often the one that most suits. But it is important to remember that there are these other reasons why an organization can process your data. However, all processing needs to have a clearly defined, transparent purpose to be lawful.
What personal data is an organization allowed to process?
GDPR works on the principle of data minimization. So collecting a name and e-mail should be fine. Collecting information on a person’s gender would be unlawful, because the purpose of the processing does not indicate any need for it.
What type of security is needed to protect the data?
Understanding the purpose, together with the types of personal data you store will give you a good indication of the level of security needed. What is the worst that could happen if someone hacked your database and exposed all subscribers as cat lovers? And what safeguards should you put in place to avoid it? While our example might seem trivial, abusing e-mail addresses is one of the most common ways to commit fraud, and can easily link a person to other sets of personal data. So, make sure to create a solution that has appropriate safeguards in place, or select a reputable vendor with good security in place.
How to collect personal data and inform users?
The purpose will be the starting point for informing users. Nobody should be led to believe that this is a mailing list for dog lovers, only to be spammed with cat videos. The guiding principle is that your processing needs to be transparent.
When must an organization delete personal data?
Most purposes will have a start and an end. If the purpose is no longer valid or if the processing is no longer lawful, you must delete the information. Since this is an opt-in system, the purpose would end once the consent is withdrawn, or if the organization shuts down the service all together.
If you, as a user, are concerned with the types of personal data a service processes about you, here is what you need to find out:
What is the purpose for this service processing my data?
What is the lawful reason given for processing the data?
Does the vendor appear to be protecting my data in a reassuring way?
Does the data I am asked to submit seem reasonable in light of points 1, 2 and 3?
The great thing about GDPR is that it mandates that controllers should make this information easily available to users of the service. Hopefully, we will see a lot more transparency with regards to data processing purposes and better protection of our personal data.
itslearning is one of the first LMS providers to become GDPR compliant. For more information, please visit our GDPR page.
John-Arthur Berg, itslearning Originally published April 9, 2018. Updated Oct 19, 2021
Subscribe to our newsletter
Keep reading…
Five classroom activities for Kid Inventors’ Day
News
Five classroom activities for Kid Inventors’ Day
January 16, 2023
How to engage your students in the new year
Community
How to engage your students in the new year
January 13, 2023
itslearning at the 3rd International Lillehammer Lifelong Learning ICDE Conference in February
Community
itslearning at the 3rd International Lillehammer Lifelong Learning ICDE Conference in February
January 10, 2023
itslearning proud to sponsor African Promise Christmas carol service
Community
itslearning proud to sponsor African Promise Christmas carol service
December 2, 2022
Educators agree data protection and user-friendliness are the main reasons to use an LMS
Higher Ed
Educators agree data protection and user-friendliness are the main reasons to use an LMS
November 29, 2022
Tanzania is raising the quality of education together with itslearning and the Norwegian government
Higher Ed
Tanzania is raising the quality of education together with itslearning and the Norwegian government
November 24, 2022
How lifelong learning is changing 21st-century society
Community
How lifelong learning is changing 21st-century society
November 15, 2022
itslearning externships offers University of Bergen students real-world experience
Community
itslearning externships offers University of Bergen students real-world experience
November 10, 2022
Every Educator Needs a Modern, Versatile and Empowered Way to Support Students’ Progress
Community
Every Educator Needs a Modern, Versatile and Empowered Way to Support Students’ Progress
October 26, 2022
How did a new LMS drive pedagogical transformation at the University of Southern Denmark?
Higher Ed
How did a new LMS drive pedagogical transformation at the University of Southern Denmark?
October 24, 2022
itslearning at the 28th Annual OEB Global Conference in Berlin
Community
itslearning at the 28th Annual OEB Global Conference in Berlin
October 20, 2022
DevDays festival – putting users first
Community
DevDays festival – putting users first
October 10, 2022
The new itslearning and Microsoft Teams integration
Higher Ed
The new itslearning and Microsoft Teams integration
September 15, 2022
Layering security to protect your data
News
Layering security to protect your data
June 21, 2022
Data security and a good support package are essential when choosing an LMS
Community
Data security and a good support package are essential when choosing an LMS
May 18, 2022
itslearning now available in Ukrainian
Highlights
itslearning now available in Ukrainian
May 3, 2022
University Campus Oldham migrates from an Open Source LMS to itslearning
Community
University Campus Oldham migrates from an Open Source LMS to itslearning