GDPR Preparation: 3 Ideas To Check Readiness And 3 Questions For Your LMS Provider

GDPR Preparation: 3 Ideas To Check Readiness And 3 Questions For Your LMS Provider
Summary: If you process EU-based data, you need to pay close attention to the GDPR. With less than 100 days to the deadline, I have put together some quick, actionable tips to ensure you're ready and compliant. This also includes your third-party suppliers, such as an LMS provider.

The Right GDPR Preparation: What Do You Need To Do To Be GDPR-Ready?

To kick things off, here is a quick summary of the upcoming GDPR (General Data Protection Regulation): The 1995 Data Protection Regulation was completely outdated with today’s technology and internet, so in April 2016, the European Parliament refreshed data protection with the GDPR – General Data Protection Regulation.

The regulation requires that businesses have to ensure the protection of personal data and privacy of EU citizens for transactions that occur within European Union member states.

If you would like to understand more on the GDPR, here is a summary of the regulation that provides the main pointers. Below you will find some quick tips to help with GDR compliance.

How To Check Readiness

1. First Things First: Register With The ICO

Registering with the ICO is by far the simplest and easiest way to ensure your business is GDPR-ready.

When researching your current data handling practices within your business to ensure compliance, you should also register your yourself as a data controller with the ICO, too.

This step is vital and essentially ensures your compliance right from the beginning; however, you have to bear in mind that failure to register could be classed as a criminal offense and render your business non-compliant at a later stage.

2. Data Protection By Design?

Do you consider your product or service to integrate 'data protection by design'? This is where you evaluate your data flows and service providers to determine if there is an unwarranted amount of retention time with personal and business data.

Two key measures you need to consider:

  1. 'The right to being forgotten', which requires the designated data controller to actively maintain the data on hand. This means that data would also need to be actively deleted when requests are made by individuals.
  2. Testing 'data portability', which is a requirement for businesses to have easy access to its data through a multi-platform medium. This might put a bit of a dent in the spreadsheet tracking methods that many companies still use; that being said, spreadsheets are rarely up to date, which results in a number of redundant data piles in your hard drive.

3. Confirmation Of Consent

Whilst adding people to mailing lists without permission is generally bad practice, it is still an active practice. With the new regulation, you can no longer assume that the contact is giving you consent; you will also need to ensure that the consent is specific, referable, and unambiguous at the time any data is added.

What To Ask Your LMS Provider

So now that you are almost ready for GDPR and understand some of the requirements, I wanted to provide some tips for dealing with third-party providers, especially LMS platforms. It's crucial that you understand this key point – you are also responsible for ensuring that your LMS provider handles your employee data responsibly.

1. "How Does Your LMS Use Data And In What Format?"

Whilst the original requirements of all LMS providers is to protect your data, the extended rule now includes the format for data presentation.

Another key takeaway is that the data 'collectors' within your business also need to ensure not only the good management of data, but also the presentation of the data. This requires you to be able to provide your data in a transparent and intelligible way which inevitably means dashboards and real-time charts.

This should be considered a massively positive update, as far too many times you see way out-of-date data, impossible to read or even understand, and multiple files housed in a number of folders. Clear, concise data, when presented, can provide many actionable ideas and foresee trends that you may never have.

2. "How Does Your LMS Profile Users?"

With the importance of portability and transparency in mind, you also have to ensure that the profiling of individual user attributes can include, but is in no way limited to:

  • Work performance
  • Behavior
  • Perceived reliability by management

This requires that your LMS provider needs to have a careful balance between sourcing rich information from the platform users and safeguarding against errors and misrepresentation of users.

3. "How Portable Is Your LMS' Data?"

Under this updated GDPR regulation, users engaging with an LMS platform are not only guaranteed transparency and frequent access, but also the ability to access the data on both mobile and desktop devices.

If you also consider the 'right-to-access' extension, it means that your employees will need to be provided with a formalized performance feedback delivery. The by-product of this is that you will deliver regular and consistent feedback on performance, and regular feedback increases engagement and interaction. The default result with this is more learning uptake and increased employee retention.


All of the above are tips and pointers to help with GDPR compliance, but I still highly recommend you to conduct some form of GDPR training. There are plenty of resources, courses, and trainers to help ensure that every single aspect of your business is compliant, and the actions to take to do so.