TalentLMS has always enforced the highest of standards and the best industry practices to ensure the safety, integrity, privacy, and availability of the information you trust to us.
That’s not just because we have an ethical, legal and professional duty to do so, but also because the reputation and success of our very services depend on it.
Our thoroughness in this area is one of the reasons that we are trusted by some of the largest organizations for their mission-critical training programs, but also by businesses of all sizes.
To ensure all this, TalentLMS complies with existing national law and international regulation regarding privacy and security issues. As of May 25, 2018, the set of laws and regulations TalentLMS conforms to will include European Union’s own GDPR.
In this post, we’ll cover what this new regulation entails, explain how it provides even more security and privacy guarantees for your online information, and go into our methods and plans to achieve GDPR-compliance, both for ourselves and for our customers.
What’s this GDPR thing?
GDPR, short for the General Data Protection Regulation, and officially known as Regulation 2016/679, is an EU regulation intending to strengthen and standardize data protection and user privacy across the European Union, as well as regulate the export of personal data of European Union citizens outside of the EU.
GDPR, which replaces 1995’s data protection directive, will become enforceable on May 25, 2018, and, as an EU regulation, it’s directly legally binding and applicable to all EU member states and all organizations involved in processing personal data of EU citizens regardless of where they are established or process the personal data.
Preparing the GDPR-compliant TalentLMS
Our team is hard at work to bring TalentLMS (both the Cloud service and the mobile application) in line with GDPR regulations before May 25, 2018, an involved process which includes several architectural and infrastructural investments.
In pursuit of that, we are:
– Enhancing our policies, controls, and product offerings, including adding new options for data portability and data management for supporting data subjects’ enhanced rights and our customers’ GDPR compliance efforts
– Ensuring our infrastructure fully covers international data transfer restrictions. The Standard Contractual Clauses (SCC), is a commonly used mechanism for transatlantic data transfers, and still ensures compliance with the level of protection required by EU law.
– Adapting our contractual terms to harmonize with GDPR regulation
We will, of course, continue to invest in our security infrastructure, above and beyond what GDDR and the related US and international regulations suggest.
During the transition to GDPR compliance, and on the way to the May 25, 2018 deadline, we will continue to monitor GDPR-related guidance from privacy-related regulatory bodies and adjust our plans accordingly.
We will also provide you with regular updates along the way by means of our blog posts, newsletters, and/or website updates so that you are always current.
Our Security Infrastructure
As a cloud-based company entrusted with some of our customers’ most valuable data, protecting our customers’ information and their users’ privacy is extremely important to us, and we have set high standards for security.
These standards include only working with industry-leading Cloud providers that are heavily certified in privacy and security for our backend infrastructures ― such as Rackspace (for application servers) and Amazon AWS S3 (for data storage).
On top of that, we have built a robust privacy and security team, we are adhering to industry best practices and NIST recommendations, and have invested in automated vulnerability discovery infrastructure, incident monitoring, data protection and customer recovery pipelines, and a high availability backend architecture.
International Data Transfers
Worried about other countries snooping on your data? Don’t be.
The Standard Contractual Clauses (SCC), another commonly used mechanism for transatlantic data transfers, still ensures compliance with the level of protection required by EU law.
On top of this, and in accordance with GDPR, TalentLMS will never employ third party companies that retain data or perform processing (sub-processors) unless they are located in the list of countries for which the European Commission has explicitly affirmed their adequate handling and protection of personal data.
Data Portability Solutions and Data Management Tools
Over the next few months, we will be rolling out a series of tools and features for TalentLMS to make it fully compliant with the GDPR regulation.
This includes enhancements to the existing options for data export, giving them additional features and controls as required by GDPR.
More information on the operation and functionality of the new features and tools will be shared as they become available.
The GDPR initiative aims to provide an enhanced set of data protection and user privacy standards and regulations that are standardized across the European Union, while also attempting to regulate the handling of European citizens’ data outside of the EU.
TalentLMS is fully committed to its user’s security, privacy, and data safety and is in the process of achieving 100% compliance with GDPR ahead of the May 25, 2018, deadline. We will keep you informed from this blog, our website, and our newsletter, as we march towards this goal.
For any privacy-related concerns or questions about TalentLMS’ security and safety mechanisms and guarantees, don’t hesitate to contact our team at privacy at talentlms dot com.
| Tags: GDPR