The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will become effective and enforceable on the 25th May 2018.
Digitec is fully committed to achieving compliance with the GDPR requirements, both to give our customers a sense of security that their students' personally identifying information is being handled properly and to ensure Digitec complies with this very important and common-sense regulation.
We identified the following steps required to become GDPR compliant, along with our status for each:
◦ Thoroughly research the areas of our product impacted by GDPR – COMPLETE
◦ Appoint a Data Protection Officer – COMPLETE
◦ Develop a strategy and identify requirements on how to address the areas of our product impacted by GDPR – COMPLETE
◦ Perform the necessary changes/improvements to our product based on GDPR requirements – COMPLETE
◦ Thoroughly test all changes implemented to verify and validate compliance with GDPR – COMPLETE
◦ Finalize and communicate our full compliance – TO BE ANNOUNCED
For the most part, within our organization, client registration points occur in an AMS system, which remains master of all profile data. This leaves little to be addressed architecturally in the Knowledge Direct LMS System. In addition, Digitec stores little (and in some cases, no) personally identifiable information. This makes our compliance nearly a procedural pursuit, and for the most part in line with our data protection procedures.
We have identified, through system evaluation, that only the student deletion process needs to be addressed. It is being augmented to ensure that all personally identifiable information is destroyed when requested by an administrator or the end user. In addition, by customer request, we will be adding a web service to complete this operation during an AMS deletion. This will be for those AMS administrators who wish to automate the deletion process and enforce the ‘Right to be Deleted’ aspect of GDPR.
In further pursuit of GDPR, Digitec will respond to any customer request for personally identifiable information, if the identification of the requester can be established by our customer, and verified by Digitec.
As a blanket data usage statement, Digitec utilizes end user (Student) personally identifiable data to track status and completion within the LMS as it pertains to courseware provided by our customers. As a student’s profile data does not belong to Digitec, it is not used in any other way, nor sold to any third party. The only instance of transport to any third-party system other than the AMS with which it is integrated is with webinar platforms identified and contracted by our customer. All efforts will be made, and assistance rendered, to any customer who wishes to ensure their third-party webinar provider is GDPR compliant.
The final part of the GDPR requirement as it pertains to the Knowledge Direct LMS is the breach disclosure. Policy and procedures will be finalized and implemented for immediate contact of all affected and possibly affected users and customers if the need should arise.
In closing, Digitec recognizes the storage of personally identifiable information as a privilege, and we are committed to the protection of this information at all times.
Please feel free to contact us with any questions you may have.