New functionality makes it easy to meet regional data privacy compliance requirements.
As the deadline for the General Data Protection Regulation (GDPR) fast approaches, Docebo has introduced a completely updated way for administrators to manage their privacy policies within the learning platform, making it easy to maintain multi-version, multi-language privacy policies that meet regional data privacy compliance requirements.
As of April 28, 2018, administrators using Docebo’s learning management system (LMS) can create customized privacy policies for users to accept when they register or log into the platform, establishing and assigning multi-version policies to specific users.
This new functionality is incredibly useful, especially as it relates to GDPR and helping administrators manage their regulatory compliance within the Docebo learning platform.
Multi-Version Privacy Policies in Multiple Languages
When you create or edit a policy in your platform’s default language, the language fields are mandatory. But, when adding content in a language that is not your platform’s default, the fields are not mandatory, so if you don’t populate a field in one of the additional languages, it will appear to users in the default language instead of appearing blank.
You will then need to insert a sub-policy acceptance message into the available text field and flag if it’s mandatory or not. If a sub-policy is set to mandatory, users won’t be able to access their platform until they’ve accepted the sub-policy.
Assigning and Unassigning Policies to Subdomains
Can You Update Your Privacy Policies?
The GDPR significantly alters the ways organizations must handle personal data, and this is no different within your LMS.
Among the many new rights for data subjects in GDPR, the following will apply to your LMS:
- The right of access: Data subjects have the right to access any personal data and to be aware of and verify the lawfulness of that data’s processing.
- The right to rectification: Gives the learner access to their collected data if they notice something is inaccurate or incomplete.
- The right to be forgotten: Data subjects can have their information removed or deleted if it’s proven that there is no compelling reason for a business to continue processing any of that information.
- The right to data portability: Data subjects can obtain and reuse their personal data for their own purposes across different services to move, copy or transfer personal data from one IT environment to another safely and securely, without hindering usability.
- The right to object: GDPR gives LMS users the right to object to having any personal data used for direct marketing, profiling or processing for research or statistics. That means you must give LMS users a mechanism to opt out of marketing communications any time you request their personal data. You will need to include explicit mentions of any other reasons for collecting personal data on your LMS.
- The right not to be subject to automated individual decision-making resulting in decisions having legal or significant effects: Any processing activity that is wholly automated and leads to decisions that impact individuals in a significant way is prohibited unless such processing can be justified on one of three bases set out as exceptions under Article 22(2), namely: performance of a contract, authorised under law, or explicit consent.
- Include all information required by GDPR in their privacy notices and apply relevant best practices. Users are able to easily define and maintain security policies that detail your organization’s personal data-handling best practices concisely and transparently. Your policy is also easily accessible, should be written in clear and plain language and can be translated into the user’s own language.
- Provide an effective way to define and maintain data privacy policies and procedures for obtaining consent in accordance with the GDPR.
Why Is This So Important?