In accordance with the General Data Protection Regulatory (GDPR), employers can share employees' personal data with third party vendors, such as Learn365, without employee consent. However, this requires the employer to inform employees that their data is being shared with the third party, that there is a legitimate interest behind the sharing, and that sharing is done in line with the requirements of GDPR.
As this is fundamental to how Learn365 functions, you'll store employees' personal data with the solution. This is part of the agreement with us. In this article, we will provide you guidance on how to ensure you meet the standards for the handling of employees’ personal information when sharing these data with us.
In this article:
- Personal data shared with Learn365
- Product functionality to meet the principle of the right to be forgotten
- Recommended practice regarding the use of employees' personal data in Learn365
Personal data shared with Learn365
As a learning management system with functionality like participants lists, mandatory training, personal notifications, and individual training progress, Learn365 is dependent on personal data in order to run properly.
However, Learn365 only collects the minimum required personal information to deliver this functionality. This includes information like account name, email address, location, and job title. Each customer’s data is stored in a dedicated Azure SQL database in the Data Center location selected by the respective customer. Please find the full list of data we collect and details of how it is being stored here.
All customer data is processed in full accordance with the requirements of GDPR. Please find details on our data processing here.
Product functionality to meet the principle of the right to be forgotten
To provide customers with the ability to meet the principle of the right to be forgotten, Learn365 includes the option of purging all records of a selected learner from a course catalog. This action can be done by people in the customer’s organization with the right level of access.
Purging all records of a user will remove all information and records of actions of that person in the course catalog and ensure that the person’s data is no longer stored in Learn365. In this way, the user can be completely forgotten in the product, if the customer chooses so.
As outlined, Learn365 solely collects personal data that is necessary for the proper functioning of a learning management system and all data is handled in accordance with the requirements of GDPR. This means there is a legitimate interest behind the sharing of personal data with Learn365 and that the sharing of data carefully follows requirements.
Recommended practice regarding the use of employees' personal data in Learn365
To comply with the standards within GDPR for processing personal data in your collaboration with Learn365, you can, therefore, rely on the following practices:
- Inform your employees of the fact that personal data is shared with Learn365, which personal data this concerns, and the reason for this. This will provide the necessary transparency.
- Allow a method for employees to rectify their personal information shared with Learn365. In this way, you will allow people their right to rectification of inaccurate personal data.
- After an employee leaves the organization, set up a function to enable employees to request to be forgotten in Learn365. This will ensure former employees their right to erase personal data in Learn365 if your organization do not have a valid reason to retain such personal data about the former employee.
You can find more information regarding Learn365 IT security management in our Trust Center, where we have collated information on security, authentication, the data that we store in Learn365, privacy, data handling security, data access, and encryption.
Comments
Article is closed for comments.