We’ve made some system changes. Here you’ll discover how our training management system has been updated in response to the EU’s General Data Protection Regulation.
Whether you’re a processor or controller, you are liable for any third-party supplier you use. As such, if you automate any aspect of your business, your software supplier must adhere to the GDPR principles.
As an ISO 27001-certified company, we’re acutely aware of how important information security is. And because we’re committed to the ongoing success of our customers, the following developments are designed to ensure continued compliance with the new data protection rules.
The GDPR demands that all companies have a legal basis for processing personal data.
As a training company, you may think this is a straightforward requirement: you need the personal data of delegates in order to process their course bookings and deliver training. However, delegates also need to be made aware of how you will process their data. This is also known as their right to be informed.
When marketing to individuals, businesses will be required by law to gain explicit consent from those data subjects – in other words, your delegates must opt in.
We’ll help you lawfully gain this with the following system enhancements:
The new regulations require you to report all data breaches within 72 hours of discovery. In the UK, you must notify the Information Commissioner’s Office.
Data breaches include ‘unauthorised or unlawful processing… accidental loss, destruction or damage.’
Failure to notify the relevant authorities of any data breach can result in fines of up to €10 million or 2% of global turnover; however, it’s worth remembering that once the GDPR is in force, you can risk fines of up to €20 million (or 4% of global turnover).
A key requirement of reporting any data breach is delivering evidence of incident investigation which can include audit logs. This allows the authorities – and your company – to see who was liable, how it occurred and when the breach happened. This is useful for limiting future data breaches and showing the ICO that your processes were designed to prevent breaches in the first place.
The following system enhancements assist you in this:
Data security lies at the heart of the GDPR.
To ensure that your system remains secure, we’ve updated the password policy and procedures to prevent unauthorised access. Note: This won’t affect the way you and your delegates log in to the system.
The following updates strengthen your data security further:
In addition to these exciting new developments, the accessplanit training success platform already features several functionalities that can be used to keep you GDPR compliant. These include…
Your delegates will have the right to request all the data your training company holds on them and the right to transfer their data from one business to another. This data needs to be delivered within one month of receiving the request, and in a commonly used format.
Using our Reporting Engine, you can easily pull all information held on an individual and export that data in formats including Excel, Word and PDF.
It’s important that you securely retain any data on an individual – even inactive delegates. Within the system, you can set up filters and reports that monitor inactivity over a set amount of time.
When the retention period is up, filters help you to define the relevant data to remove.
Another core right of your delegates is the right to rectification. If you hold inaccurate data, individuals can request that those details be updated and made accurate.
We’ve made this step even easier – delegates can update their own details, including marketing preferences, via the Learner Portal.
You may currently be using an accessplanit Test site or Sandbox site. These sites bypass email rules when resetting your password, to ensure increased security.
In addition to the new developments for audit logs, the system has always offered audit log tracking. This means you can see, at a glance, which users have accessed the system and when, as well as seeing which parts of the system they went to. This information is vital should you need to report a data breach to the ICO.
We've held a GDPR for Training Companies webinar which will provide the information you need. If you’d like to know more about how the new regulations will affect your training company, sign up today. If you'd prefer a one-to-one session, book a demo here.