5 Tips To Find An LMS With Advanced Data Security Measures (GDPR Edition)

5 Tips To Find An LMS With Advanced Data Security Measures (GDPR Edition)
Den Rise/Shutterstock.com
Summary: GDPR (General Data Protection Regulation) was intended to increase user privacy around the web. How can you ensure your LMS is compliant? In this article, I share 5 tips to find a Learning Management System that makes data security a top priority.

Advanced Data Security Measures: How To Find An LMS That Is GDPR Compliant

GDPR is touted as ‘the most important regulation change in years’. Or ‘the strictest privacy rules ever implemented’. It streamlines legal data protection rules throughout the EU. The same law now applies to all 28 members, and by extension, to any international companies operating within them. It increased punitive measures and demanded more transparency. In reality though, many online businesses continued their standard data practices. They just added a pop-up/disclaimer that ‘asks’ if you were okay with them harvesting and/or sharing your data. Still, non-compliance is pricey, so how can you avoid bare-minimum fine-dodgers? Here are 5 tips to find an LMS with advanced data security measures.

5 Quick Tips To Choose An LMS With Advanced Data Safety Protocols

1. Check Their Policy Page

The launch of GDPR has enacted ‘sweeping changes’ in the data mining industry. In reality, for many firms, these alterations were purely cosmetic rather than actual advanced data security measures. For example, many sites use cookies. In response to GDPR, all they did was ‘label’ their cookie use. Unfortunately, many of the cookie advisory pop-ups don’t give you option to ‘disagree’. You can click ‘yes’, click ‘x’ (if it’s there), or ignore the text-filled blob at the bottom of the page.

However, some organizations did make a bigger effort to comply. They created detailed policy pages explaining exactly what modifications they enacted. As you shop for an LMS, look for this type of information. It’s helpful knowing what advanced data security measures your LMS has. You can review their steps and see if they fit your data security expectations.

2. Review User Rights

Similarly, different LMSs give online learners and administrators varying levels of control. Find out what the specifications for your LMS are. Some only allow the admin to make changes, such as erasing user accounts or deleting stored data. Others provide options for online learners themselves to opt in or out of certain analytics. They can’t erase themselves from the system, but they can make a request to admin. The admin can then clear the online learner cache for privacy. Some of these opt-in/opt-out features include push notifications, marketing material, and mailing lists.

It also covers the admin and/or users’ right to export their data and have it removed from the system permanently. Advanced data security measures dictate that there is a detailed document listing of exactly what information is collected. It shows how it’s stored, where it’s located, and what they’ll do with it. Look through that list to be sure you’re okay with your LMS vendor having that data.

3. Call The ICO

Or email them. The Information Commissioners Office is probably the easiest way to become GDPR compliant. They charge a fee though, and they do all the dirty (or rather, clean-up) work for you. As LMS customers, you can find out whether they’re serviced by ICO. Some organizations are exempt, so LMS vendors can fill a self-assessment questionnaire to see if they’re eligible for exemption. The ICO website says registration is mandatory after 25th May 2018. Some LMS vendors, according to their tier, may need a data protection officer, so you can ask whether they have one.

Ironically, the ICO website also has a policy page. It explains how they handle the privacy of organizational registration data, so you know they walk their talk. Also, non-registration may be a criminal offense, so be sure your LMS Vendor is on the list.

4. Question Their Design

Some LMSs prioritize user privacy from the start, so they include advanced data security measures from the development stage. It’s not a slapdash solution they added to beat GDPR. You can find out by asking pointed questions about their design process. To prompt honest answers, pick your questions carefully. Leading questions are counter-productive. For example, if you ask, ‘Do you care about data privacy?’ They’ll answer, ‘Yes!’ But if you ask, ‘How do you ensure online learners’ right to be forgotten?’ Or, ‘How portable is your data?’ then you get a better answer.

Don’t hesitate to set up a meeting with the LMS vendor in person or via video conferencing. They should be able to tell you exactly what protocols are in place, why, and how they meet GDPR regulation. Are they knowledgeable about the new guidelines and how are they implementing changes accordingly?

5. Verify The LMS Vendor’s Data Security Center

It’s not just the online advanced data security to consider. You should also verify that the LMS vendor’s servers are secure and safeguarded from natural disasters. As well as data theft threats, such as hackers or viruses. It’s perfectly acceptable to ask the LMS vendor about the physical storage location of your data, who has access, and how they protect it. You should also ask whether back-ups are in place in the event of data loss. Furthermore, how do they handle data breaches and how quickly will they notify you of the issue? These are all concerns that you should address when vetting your new LMS vendor.


Applying GDPR to an LMS requires more than a colored box stating, ‘We use cookies. Say you agree or leave the site.’ It needs a meticulous, sincere approach to protecting user privacy. Peruse your LMS vendor’s privacy policy and/or the GDPR page. Enlist a techie and a lawyer to decipher the jargon for you. Ask specific questions about opt-in/opt-out categories. Confirm that your LMS vendor is registered with ICO or other relevant regulatory boards, and what their tier is. Finally, use targeted questions to see their thoughts (and measures) on advanced data security measures, data movement, and storage.

Finding an LMS that values data security and privacy as much as you do is essential. It helps prevent costly compliance violations and keeps your reputation intact. Our LMS online directory features the top platforms on the market today. You can even narrow your results based on key factors, such as pricing model and spec support.