All GDPR requests should go from the data subject (an itslearning user) to the Data Controller (an itslearning customer), who in turn may or may not use our functionality or ask itslearning for help to exercise the right for the itslearning platform. Each individual request needs consideration and processing before action is taken. The rights of the data subject are described in Chapter 3 of GDPR (https://gdpr-info.eu/chapter-3/ ). These rights are not absolute, and should be processed in the context of both GDPR and local regulations.
Please note that according to GDPR there are exceptions to exercising the rights of the data subject when the data is considered necessary:
- to exercise right of freedom of expression and information of other data subjects
- to comply with legal obligations or the performance of a task carried out in public interest
- for archiving, historical or statistical purposes
Under GDPR, the data subject rights are between him and the Data Controller. Any data subject requests from end users to itslearning will be handed over to the customer. itslearning will cooperate in good faith with customers to ensure they can exercise the rights of the data subjects in a prompt manner.
In addition to administrative and other functionality already available in the itslearning system, the itslearning DPO and our service team are available to help our customers as Data Controllers satisfy the right of the data subject.
Below is a description of how some of the rights can be exercised with the help of itslearning functionality.
Performing actions to satisfy the rights of the data subject
When a request from a data subject is received and accepted by the Data Controller, they should contact itslearning support.
To help our customers satisfy the rights of the data subject, we have added a “GDPR tool” to assist administrators perform the necessary actions. This tool will be enabled after the initial contact with support. The tool will then be available to the system administrator. The actions available will help with giving access to what data are stored related to a data subject, edit his or her information, restrict or delete data. Details for each action can be found below.
To access the GDPR tool, the administrator must go to Admin -> Users and access rights, search for the data subject in question, and click the shield icon to the right, as indicated in the screenshot below:
Clicking the icon will first ask for confirmation that the correct user is selected (in case there are multiple users with the same name):
After confirming that it is in fact the correct user, options will be available to help with the next steps.
Each of these actions will require the administrator to enter a reason for performing the action, which will be logged.
In general, this tool is “instant” meaning the actions performed will be processed without delay. Some actions might however take some time to complete. This is to ensure that performance of the system is maintained should the request include extensive amounts of data.
The right to access and data portability
The data subject has the right to obtain information from the Data Controller about what personal data are processed, how and why. In some cases, the data subject may also have a right to transmit those data to another Data Controller. This is described in the DPA.
To access the specific information stored in itslearning related to a data subject, the administrator should access the GDPR tool and select PREVIEW/DOWNLOAD. This will create a file in xml format with all information stored related to the data subject. Please note that generating this file might take some time, depending on the amount of information stored in each case. The file will be available for download once it is generated.
Data in the “Internal logic” category will not be included.
The right to rectification
Should there be inaccurate, incomplete or erroneous personal data concerning a data subject, he or she has the right to have the Data Controller rectify it.
More details about this right can be found in Article 16 of GDPR (https://gdpr-info.eu/art-16-gdpr/).
In many cases the user can correct information himself in the itslearning interface. In other cases, and most commonly, information about a person like name, email address and so on should be edited in the external student information system and synchronized with itslearning. Other types of data can be corrected by teachers or administrators in the itslearning system. We have included a link to more help on rectification in the GDPR tool.
The right to restriction of processing
More details about this right can be found in Article 18 of GDPR (https://gdpr-info.eu/art-18-gdpr/).
Restriction will be performed as a “soft delete” when the administrator selects RESTRICT in the GDPR tool. The effect will be the same as if the user was moved to the trash can in itslearning. All information about a user will be removed from UI, but not irreversibly erased.
This might in some cases mean that the user name is anonymized while content is kept available (pseudonymization). The table below outlines how this is handled in the different categories of personal data:
|Category||Effect of RESTRICT|
|Personal information (contact information)||Not visible|
|Course material (produced by user in context of teaching)||Anonymized, unless the material exists so that it is only available to the data subject in question|
|Assessments (given by teacher to student)||Still visible and not anonymous if the teacher is restricted, as the assessments are still of value and affecting the rights of the student.|
|Calendar entries||Personal events are no longer visible, shared events are anonymized|
|Student responses||Not visible|
|Internal logic||Never visible|
Restriction is reversible and can be performed by restoring the data subject (user) from the trash can. When restriction of processing is lifted, the Data Controller is obligated to inform the data subject.
The right to erasure (“right to be forgotten”)
In almost all cases, deleting a user and his related data, will be done because the purpose for processing his data is no longer valid. Most commonly this is because a student left school, a teacher changed jobs, or because the customer has terminated the contract with itslearning. In these cases, we recommend that the normal flow for deleting users is used:
- Move the user(s) to the trash can or mark them as deleted in the external system.
- Complete the process by emptying the trash can, after which the user(s) and their data will be permanently deleted from itslearning.
Deleting information related to a specific data subject request based on his right to erasure as defined in GDPR, can be done by accessing the GDPR tool and select DELETE. More details about this right can be found in Article 17 of GDPR (https://gdpr-info.eu/art-17-gdpr/). This will completely erase any information related to the data subject from the itslearning platform, with some exceptions mentioned in “Roles and responsibilities” above.
As an example, this will include assessments given by a teacher to a student. If the teacher is deleted, these data will still remain in the system to retain the rights of the student.
Please note that this action is not reversible.
|Category||Effect of DELETE|
|Personal information (contact information)||Permanently deleted|
|Communication||Permanently deleted when all affected users are deleted. For example, a group conversation in the message system is deleted when all participants of that conversation are deleted.
Bulletins and discussions are deleted when the course they belong to is deleted.
|Course material (produced by user in context of teaching)||Anonymized, unless the material exists so that it is only available to the data subject in question (in which case it is permanently deleted)|
|Assessments (given by teacher to student)||NOT removed if the teacher is deleted, as the assessments are still of value and affecting the rights of the student.|
|Calendar entries||Permanently deleted if personal, anonymized if shared|
|Student responses||Permanently deleted|
|Internal logic||Permanently deleted|
Changes in deletion policy:
We’ve also made some changes to what happens when a user is deleted. There are two types of deletion:
- Soft delete, which is what happens when a user is moved to a trash can or the RESTRICT option is used in our GDPR tool.
- Permanent delete, which happens when the trash can is emptied or DELETE action in GDPR tool is used.
We’ve discussed the deletion of user data with our Data Protection Officer, and have made some improvements to our process. Going forward, you will notice that the name of a deleted user no longer shows up in the User Interface (UI), with a few exceptions. There are three possible outcomes when a user is deleted:
- The information is completely removed
- Data/content is kept, but name of user is anonymized- this is new compared to previous functionality!
- Data/content is kept, and the name of the deleted user is still visible
The decision on what happens in the case of each piece of information we store, is taken on the basis of GDPR guidelines. We cannot delete data that affects the rights of other users, and in some cases that also includes the name of the user that is deleted. This is the type of data we store, and what happens to it in each situation:
|Category||Examples||Soft delete||Permanent delete|
|Student responses||· Answer to assignment (including uploaded files)
|Removed from UI||Removed permanently|
|Person profile information||· User name
||Information is removed from UI||Removed permanently|
|Internal logic||· Last used selection in dropdowns some places
|(Not visible in UI – no action needed)||Removed permanently|
|Content produced by user in context of teaching||· Note
· Uploaded document
|Name of user is anonymized, except on shared content in Library. Content is kept if it is shared with other users (courses/projects with other participants, Library).||Content is removed permanently if it is not available to other users. Deleted when course/project is deleted.|
|Communication||· Messages (IM / Old messages)
|Messages: Name of user is anonymized
Bulletins and comments: Name of user is anonymized
|Messages: deleted when all users in thread are deleted.
Bulletins and comments: Deleted when course is deleted.
|Assessment given by teacher||· Assessments (grades)
· Attendance comments
|Kept and visible, including the name of the user||Kept and visible until the student it affects is also deleted|