GDPR, The LMS & You

January 29, 2018

The European Union is full steam ahead with new privacy protections via the General Data Protection Regulation. Enforcement of these rules begins May 25, 2018. While most European organizations are probably aware of it and are considering how to ensure compliance, many organizations in the United States and other nations will also need to consider their exposure to the GDPR.

For example:

  • Do you have students who apply and enroll from within the EU and potentially access your LMS from the EU (maybe during breaks)?
  • Do you run study abroad programs where users are traveling or living in the EU and accessing your LMS?
  • If you’re a company, do you employ any EU citizens, have any staff traveling or living in the EU, or provide training to any customers in the EU?

If you do any of the above, then the GDPR most likely applies to you. Both Moodle and Totara are preparing for the GDPR from a technical perspective, but many of the GDPR's requirements are policy- and process-based. eThink can help you think through the implications specific to your organization, and Moodle has posted a few resources to help organizations start thinking about what they might need to change. You can get the full list on their wiki, but a few highlights are listed below.

  • Do you have users accept a site policy? If so, does it cover all the required items?
  • Do you have a list of all third parties that have access to any data related to your users?
    • Such as LTIs, portfolios, plagiarism, repositories, authentication systems, hosting companies, etc.

Moodle will be releasing a series of plugins for Moodle 3.3 and 3.4 sometime this spring that will bring the technical compliance pieces into Moodle. These plugins will become part of core with the release of Moodle 3.5 in May. Moodle HQ is currently evaluating whether these changes can be applied to earlier versions, but their current recommendation is to upgrade to 3.3 or above before the GDPR goes into effect.

Determining your exposure to the GDPR and your compliance risks is a complex issue. The technology side regarding your LMS is still evolving, so watch for future blog articles.
