COMPLIANCE

What is GDPR compliance?

The General Data Protection Regulation (GDPR) is a legislation that protects the personal data of individuals within the European Union (EU). The regulation primarily applies to any organization that collects or processes personal data of EU citizens.

The GDPR is comprised of seven key principles. To comply with the GDPR, an organization must align its data collection and processing activities to the requirements of the seven key principles.

Is Tovuti LMS GDPR compliant?

Yes, Tovuti is GDPR compliant and maintains its standing by implementing measures such as:

  • Encrypting customer data to protect against unauthorized access
  • Incorporating strict controls and authentication mechanisms to ensure only authorized personnel can access sensitive personal data
  • Enabling customization options to aid customers in maintaining compliance
  • Regular audits and monitoring of the Tovuti LMS platform

My business is not located in the EU. Does this still apply to me?

The GDPR applies to businesses that operate in the EU – not just those that have a physical presence. That means if you have EU users, you must adhere to GDPR regulations. While having a GDPR-compliant LMS can aid your efforts, you must also conduct your due diligence to ensure you meet compliance requirements.

What are the seven principles of the GDPR?

  1. Lawfulness, fairness, and transparency: Organizations must process personal data lawfully, fairly, and transparently, obtaining valid consent, informing individuals, and ensuring compliance with laws.
  2. Purpose limitation: Personal data should be collected for specific, legitimate purposes, avoiding incompatible processing, and ensuring consistency with defined purposes.
  3. Data minimization: Organizations should only collect necessary, relevant personal data, avoiding excess collection or retention of unnecessary data.
  4. Accuracy: Personal data must be accurate and kept up to date, with organizations rectifying or erasing inaccurate or incomplete data promptly.
  5. Storage limitation: Personal data should be retained only for necessary periods, securely deleting or anonymizing data when no longer needed.
  6. Integrity and confidentiality: Organizations must implement measures to secure personal data against unauthorized processing, loss, or damage, including encryption and access controls.
  7. Accountability: Organizations are responsible for demonstrating compliance with GDPR principles, implementing policies, conducting assessments, and maintaining records.