UpsideLMS is GDPR ready
UpsideLMS provides a robust mechanism in all its products that gives its customers the necessary tools and processes to comply with GDPR.
The General Data Protection Regulation (“GDPR”, EU regulation 2016/679) came into force on May 25, 2018. Meant to protect and empower the data privacy of EU citizens and reshape how organizations that operate within the region approach user data privacy, it is the most significant piece of European data protection legislation to be introduced in 20 years.
Headquartered in Pune, India, UpsideLMS (a part of Upside Learning) fully understands GDPR, the implications of this regulation on its customers in the EU region, and its responsibility towards them. In view of this, the company has provided a robust mechanism in all its products (including UpsideLMS, UpsideLMS Mobile App) that gives its customers the necessary tools and processes to comply with the required regulations.
Key points:
- Data Hosting: UpsideLMS uses Microsoft Azure Cloud Hosting services, which are built on Microsoft's commitment to the highest levels of trust, transparency, standards conformance and regulatory compliance with the most comprehensive set of compliance offerings of any cloud service provider.
Further, Azure is the only consistent hybrid cloud, has more regions than any cloud provider, delivers unparalleled developer productivity and offers more comprehensive compliance coverage—including meeting the requirements of the General Data Protection Regulation (GDPR).
- User Consent: In line with GDPR's first and foremost implication of companies requiring to obtain its users' consent to collect their data, UpsideLMS has provided an ability in its platform to get the user's authorization (at the time of first/ repeat login - until the consent is given) using a disclaimer form, which can be easily customized by the customer as per their company guidelines.
- Personal Data: GDPR defines 'Personal data' as any information that relates to an identifiable natural person (data subject) who can be identified directly or indirectly by reference to an identifier such as a name, an identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
UpsideLMS empowers its customers to configure the data field(s) that they wish to maintain within its platform for their users.
- Data Removal: In line with GDPR's "right to be forgotten" - any citizen of the EU can request the removal of their data from a company's database if there is no longer any reason for it to be used by that company, or if a person chooses to withdraw their initial consent.
UpsideLMS honors the data removal request and can completely delete an end user’s record from the platform, post proper authorization from the client's end.
- Data Privacy and Security: UpsideLMS respects the privacy and security of all its customers. Which is why, all its LMS instances, while hosted on UpsideLMS' (shared) cloud servers, are completely independent and do not share any linkages to each other in any way. Further, complete platform administration access is provided to the client.
- Data Encryption: Data in transit (for ex. through APIs) is encrypted.
- Data Audit: For customers hosted on UpsideLMS' shared servers and for customers on a dedicated cloud server or hosted within their own premise, UpsideLMS honors all audit requests.
Amit Gautam, Director - UpsideLMS, said, "As an LMS provider to leading organizations in the UK-EU for the past 14 years, we have always taken efforts to help our clients not just stay on top of their game, but also stay compliant with all rules and regulations of that region. So when GDPR came into practice on 25th May, we were prepared. And so are our clients in EU." He further added, " I am confident that the various mechanisms we have provided in our products will make GDPR compliance an achievable task for our clients and prospects."
Disclaimer:The above information is not legal advice to be used in complying with GDPR. The content is meant only for educational purpose and to provide individuals and organizations with background information so as to help in better understanding Upside's efforts to comply with the regulation.