{"id":9801,"date":"2018-02-09T13:48:57","date_gmt":"2018-02-09T12:48:57","guid":{"rendered":"https:\/\/www.intellias.com\/?p=9801"},"modified":"2023-09-19T14:17:27","modified_gmt":"2023-09-19T12:17:27","slug":"elearning-gdpr-security-protocols-for-edtech-solution","status":"publish","type":"post","link":"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/","title":{"rendered":"eLearning GDPR Security Protocols for an EdTech Solution"},"content":{"rendered":"<p>Our client is a global provider of a cloud-based eLearning platform that teaches people how to adopt and use software. The company is based in the US and provides its services to Fortune 500 enterprises. Their eLearning GDPR compliant platform teaches employees how to get the most out of corporate software in a way that\u2019s relevant to their jobs, their work, and their learning styles. Our client has twenty years of experience training users on Novell, Corel, and Microsoft products (Windows, Office, OneDrive, Skype, etc.) through thousands of searchable and shareable video tutorials, online sessions, assessments, files, and web sources.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9804 size-full\" src=\"https:\/\/d17ocfn2f5o4rl.cloudfront.net\/wp-content\/uploads\/2018\/06\/GDPR-compliance-project.png\" alt=\"eLearning GDPR Security Protocols for an EdTech Solution\" width=\"770\" height=\"450\" srcset=\"https:\/\/intellias.com\/wp-content\/uploads\/2018\/06\/GDPR-compliance-project.png 770w, https:\/\/intellias.com\/wp-content\/uploads\/2018\/06\/GDPR-compliance-project-300x175.png 300w, https:\/\/intellias.com\/wp-content\/uploads\/2018\/06\/GDPR-compliance-project-768x450.png 768w\" sizes=\"(max-width: 770px) 100vw, 770px\" \/><\/p>\n<h2 id=\"business-challenge\">Business challenge<\/h2>\n<p>Our cooperation on the sope of <a href=\"https:\/\/intellias.com\/elearning-software-development\/\">eLearning software projects<\/a> with the client started in 2011 when they decided to shift from publishing to a SaaS business model. The company needed to develop an entirely new <a href=\"https:\/\/intellias.com\/innovative-corporate-training-software-for-professionals\/\">cloud-based eLearning platform<\/a>, and they wanted to develop it on the most recent technology for that time. They chose Microsoft Azure as it was fresh on the market and had the potential to cover all their needs. Intellias already had engineers striving to master this new technology, so it was a perfect match.<\/p>\n<p>As our collaboration evolved into a long-term relationship, our client started to deliver new features continuously for their users. They also started naturally expanding to new markets. The company achieved enterprise end customers in Europe. Then a new wave of data leaks and privacy breaches at some world-known brands led to new regulations and strict requirements for data protection.<\/p>\n<p>One of the most prominent of these new regulations is the General Data Protection Regulation (GDPR). Our client needed <a href=\"https:\/\/intellias.com\/cybersecurity-consulting-services\/\"><span style=\"font-weight: 400;\">data privacy compliance<\/span>\u00a0services<\/a> to comply with eLearning GDPR requirements as their platform directly processes personal user data.<\/p>\n<p>End customers\u2014usually huge enterprises\u2014get access to our client\u2019s eLearning platform to unleash their employees\u2019 potential by teaching them how to use corporate software. To get access to the platform, employees need to create user profiles that include personal data: first and last name, job title, email address, photo, and IP address. As our client has end customers in the EU, they needed to provide a full range of eLearning security and\u00a0<span style=\"font-weight: 400;\">data privacy in education\u00a0<\/span>measures to comply with eLearning GDPR requirements.<\/p>\n<p>Our client needed to detect all touchpoints with their users in order to inform them about the new terms and conditions, show users how they can control their personal data, and ensure that user data is securely protected. An additional challenge was automating the necessary actions after a user submits a request to withdraw data, delete data, or check what data has been collected. Our client needed to make all these changes across every touchpoint with hassle-free synchronization options so ongoing changes could be implemented everywhere for <span style=\"font-weight: 400;\">data privacy education resilience<\/span>.<\/p>\n<h2 id=\"Technology solution\">Technology solution<\/h2>\n<p>Our client took a very serious approach to GDPR <span style=\"font-weight: 400;\">data privacy compliance<\/span> to be able deliver its services to European customers. They brought on a dedicated in-house Data Protection Officer to check all steps of compliance with GDPR standards and ensure\u00a0<span style=\"font-weight: 400;\">data security education measures<\/span>. From day one of our cooperation, Intellias has been covering the entire engineering process for our client\u2019s MS Azure-based eLearning platform, so we were assigned to develop a GDPR security protocol for <span style=\"font-weight: 400;\">data privacy in education<\/span>.<\/p>\n<p>Our main task was to follow all <a href=\"https:\/\/gdpr-info.eu\/\">GDPR requirements<\/a>\u00a0for <span style=\"font-weight: 400;\">eLearning security<\/span><span style=\"font-weight: 400;\">\u00a0<\/span>and implement all necessary steps to comply with <span style=\"font-weight: 400;\">data security education<\/span> standards.<\/p>\n<h3><strong>Goals and achievements<\/strong><\/h3>\n<ol>\n<li><strong>Define personal data.<\/strong> We needed to clearly define which data collected on users should be considered personal data and in what situations this data is protected under GDPR. We consulted with legal professionals on this issue and defined personal data as any data that identifies a person. To apply eLearning GDPR rules for <span style=\"font-weight: 400;\">data privacy compliance<\/span>, we chose to use IP-based location identification. If a user is located in Europe, we apply all necessary procedures. We also considered the particular case when a user works via VPN from another country but has an IP address assigned in Europe. To account for this possibility, we decided to always provide users with an option to confirm their location manually. A user will see a pop-up screen with information about their location and then have the choice to agree or disagree to further GDPR procedures.<\/li>\n<li><strong>Get consent for data collection.<\/strong> We needed to get clear consent from users to collect personal data such as first and last names, job positions, email addresses, photos, and IP addresses. This consent must be seen at every touchpoint where users interact with the client\u2019s solution and can give data about themselves. A particular use case was developed for users ages 13 to 16 as they need permission of parents or another responsible adult to share their personal data. This case was not applicable for our client, though, as they provide services only to enterprise employees who strictly must be older than 16. Still, we needed to make sure to comply with all standards and included a special scenario for this particular age group.<\/li>\n<li><strong>Communicate users\u2019 rights.<\/strong> We needed to communicate to users their rights to have their personal data deleted, to access their personal data, to change it, to request a report on what data has been collected, and to be forgotten and stop collection of data. Ensuring these rights is essential for compliance, and we needed to handle all of these requests by users within the following time frames: 72 hours to notify users about possible data loss, 72 hours to answer enquiries regarding personal data, and 30 days to delete all data.<\/li>\n<li><strong>Privacy by design and data portability.<\/strong> We developed a system of <span style=\"font-weight: 400;\">data privacy education\u00a0<\/span>reports that gather all collected information on users including personal data they share in their user profiles and their log stories. These reports provide a much easier way to view data after each particular enquiry from a user. They also improve the portability of data by putting all user data in one place. This allows for a quick response when a user requests to download all of their data. We incorporated production of reports into the solution architecture.<\/li>\n<\/ol>\n<h2 id=\"Business-outcomes\">Business outcomes<\/h2>\n<p>We divided the process of eLearning GDPR compliance into two phases. The first phase was more urgent, as it dealt with things that were obligatory for further operation in the European Union market. The second is a process of continuous improvement to optimize processes related to users&#8217;\u00a0<span style=\"font-weight: 400;\">data privacy in education<\/span>. The first phase has already been completed. During that phase, we implemented the following measures:<\/p>\n<ul>\n<li>Created an MS Azure-based engine to generate reports on all user data at every touchpoint with client services<\/li>\n<li>Created an automated algorithm to delete data upon user request, including log data<\/li>\n<li>Designed a custom UI for interacting with users on matters related to privacy<\/li>\n<li>Added admin functionality for customers to be able delete their employees\u2019 data<\/li>\n<li>Set up a system of notifications for admins on the end-customer site about users\u2019 activities in regard to data operations<\/li>\n<li>Synchronized all touchpoints to send updated terms and conditions even if a user has approved a previous version of the terms and conditions<\/li>\n<li>Implemented a monitoring system to detect expired customers who have not prolonged their license for the client\u2019s product in order to delete their data automatically<\/li>\n<\/ul>\n<p>Now we\u2019re going through the second phase of the eLearning security project. We\u2019re working on a more insightful view for users on what data is being collected. Specifically, we\u2019re preparing comprehensive reports with dashboards and diagrams to visualize data for users in order to give them a better understanding of how their data is used by our client.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;ve developed eLearning GDPR security protocols for an education platform to comply with the privacy policy of users\u2019 personal data<\/p>\n","protected":false},"author":6,"featured_media":49761,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[36,75,19],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.1 (Yoast SEO v22.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>eLearning GDPR Security Protocols for an EdTech Solution | Intellias<\/title>\n<meta name=\"description\" content=\"Learn how Intellias developed eLearning GDPR security protocols for an education platform to comply with the privacy policy of users\u2019 personal data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"eLearning GDPR Security Protocols for an EdTech Solution\" \/>\n<meta property=\"og:description\" content=\"Learn how Intellias developed eLearning GDPR security protocols for an education platform to comply with the privacy policy of users\u2019 personal data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/\" \/>\n<meta property=\"og:site_name\" content=\"Intellias\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-09T12:48:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-19T12:17:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d17ocfn2f5o4rl.cloudfront.net\/wp-content\/uploads\/2018\/06\/GDPR-complience-security-protocol.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Oleksii Vyshnyk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/s3-eu-west-1.amazonaws.com\/elasticbeanstalk-eu-west-1-981246043789\/wp-content\/uploads\/2018\/06\/22125020\/GDPR-complience-security-protocol-1920x600.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oleksii Vyshnyk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/\",\"url\":\"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/\",\"name\":\"eLearning GDPR Security Protocols for an EdTech Solution | Intellias\",\"isPartOf\":{\"@id\":\"https:\/\/intellias.com\/#website\"},\"datePublished\":\"2018-02-09T12:48:57+00:00\",\"dateModified\":\"2023-09-19T12:17:27+00:00\",\"author\":{\"@id\":\"https:\/\/intellias.com\/#\/schema\/person\/7d2c47acfb66ddd0740b02cba383c3da\"},\"description\":\"Learn how Intellias developed eLearning GDPR security protocols for an education platform to comply with the privacy policy of users\u2019 personal data.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/intellias.com\/#website\",\"url\":\"https:\/\/intellias.com\/\",\"name\":\"Intellias\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/intellias.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/intellias.com\/#\/schema\/person\/7d2c47acfb66ddd0740b02cba383c3da\",\"name\":\"Oleksii Vyshnyk\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"eLearning GDPR Security Protocols for an EdTech Solution | Intellias","description":"Learn how Intellias developed eLearning GDPR security protocols for an education platform to comply with the privacy policy of users\u2019 personal data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/","og_locale":"en_US","og_type":"article","og_title":"eLearning GDPR Security Protocols for an EdTech Solution","og_description":"Learn how Intellias developed eLearning GDPR security protocols for an education platform to comply with the privacy policy of users\u2019 personal data.","og_url":"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/","og_site_name":"Intellias","article_published_time":"2018-02-09T12:48:57+00:00","article_modified_time":"2023-09-19T12:17:27+00:00","og_image":[{"width":1920,"height":800,"url":"https:\/\/d17ocfn2f5o4rl.cloudfront.net\/wp-content\/uploads\/2018\/06\/GDPR-complience-security-protocol.jpg","type":"image\/jpeg"}],"author":"Oleksii Vyshnyk","twitter_card":"summary_large_image","twitter_image":"https:\/\/s3-eu-west-1.amazonaws.com\/elasticbeanstalk-eu-west-1-981246043789\/wp-content\/uploads\/2018\/06\/22125020\/GDPR-complience-security-protocol-1920x600.jpg","twitter_misc":{"Written by":"Oleksii Vyshnyk","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/","url":"https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/","name":"eLearning GDPR Security Protocols for an EdTech Solution | Intellias","isPartOf":{"@id":"https:\/\/intellias.com\/#website"},"datePublished":"2018-02-09T12:48:57+00:00","dateModified":"2023-09-19T12:17:27+00:00","author":{"@id":"https:\/\/intellias.com\/#\/schema\/person\/7d2c47acfb66ddd0740b02cba383c3da"},"description":"Learn how Intellias developed eLearning GDPR security protocols for an education platform to comply with the privacy policy of users\u2019 personal data.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/intellias.com\/elearning-gdpr-security-protocols-for-edtech-solution\/"]}]},{"@type":"WebSite","@id":"https:\/\/intellias.com\/#website","url":"https:\/\/intellias.com\/","name":"Intellias","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/intellias.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/intellias.com\/#\/schema\/person\/7d2c47acfb66ddd0740b02cba383c3da","name":"Oleksii Vyshnyk"}]}},"_links":{"self":[{"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/posts\/9801"}],"collection":[{"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/comments?post=9801"}],"version-history":[{"count":6,"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/posts\/9801\/revisions"}],"predecessor-version":[{"id":64484,"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/posts\/9801\/revisions\/64484"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/media\/49761"}],"wp:attachment":[{"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/media?parent=9801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/categories?post=9801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/intellias.com\/wp-json\/wp\/v2\/tags?post=9801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}