GDPR Compliance for the Percipio Platform
The General Data Protection Regulation (GDPR) is a comprehensive European regulation designed to protect the individual privacy rights of European Union (EU) residents. It, came into force on May 25, 2018. SkillSoft is committed to protecting the personal data we process on behalf of our customers.
- How does Skillsoft support GDPR?
- What does GDPR mean for me, the user?
- What happens when a user is erased?
- Skillsoft's European Union Data Center
How does Skillsoft support GDPR?
SkillSoft established a comprehensive GDPR compliance program. SkillSoft continues to refine and improve its GDPR compliance program over time, and is committed to partnering with its customers to assist them in their GDPR efforts.
At SkillSoft, we strive for transparency with our customers and partners. A few examples of our GDPR compliance program and how customers can partner with us to support their GDPR compliance initiatives, include:
- International Data Transfers: The GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework. SkillSoft maintains a comprehensive data processing agreement (DPA) that includes appropriate standard contractual clauses to effectuate data transfers. SkillSoft also maintains additional safeguards to protect transferred personal data, and makes documentation outlining such measures available to customers upon request.
- Security: We implemented a variety of technical and organizational safeguards designed to protect the security and integrity of the personal data we process. For example, Skillsoft uses encryption in transit, access controls, physical security measures, and logging. More information about Skillsoft’s technical and organizational measures are available to customers upon request.
- Data subject rights: The GDPR affords EU residents with various rights with respect to their personal data. For example, EU citizens can request access to their data, deletion (also known as the “Right to Be Forgotten),” and correction. As a data processor to our controller customers, SkillSoft is committed to assisting our customers in fulfilling their obligation to process data subject rights in a timely manner. In some instances, we created tools that allow customers to directly exercise data subject requests through our platform, and in all other instances, we will provide appropriate assistance to our customers in fulfilling data subject requests related to personal data that we process on behalf of our customers. If we receive a data subject request from an end user of our customer, we will promptly forward the request to our customer for processing.
- Onward transfer. Before selecting vendors that may have access to customer personal data, we perform appropriate diligence regarding the privacy and security practices of such vendors. We also implement DPAs with such vendors that contain data protection obligations and restrictions, as well as appropriate technical and organizational measures, that are at least as robust as those we agree to with our customers.
- Documentation: SkillSoft shares the GDPR’s commitment to transparency, fairness, and accountability which is why SkillSoft’s GDPR-compliance program includes documentation about our data collection and processing activities, records of processing activities, and the various policies and guidelines we follow.
What does GDPR mean for me, the user?
As a citizen of the EU or EEA, you can have an authorized customer representative from your organization request that Skillsoft erase your user data. Authorized customer representatives may submit requests through Skillsoft Support, which is ready to answer your request 24 hours a day, 7 days a week. Contact a Customer Support Consultant via Live Help (chat), email, or phone. For a complete list of worldwide telephone numbers, see the Skillsoft Support site.
What happens when a user is erased?
The erase function is performed by Skillsoft CloudOps personnel.
User data
Erasing a user permanently and irreversibly anonymizes personal data so that it no longer identifies an individual, directly or indirectly, including the user’s personally identifiable information (user ID, first and last name, email, etc.). Once erased, the user is no longer identifiable in the system, and can no longer sign into the platform.
Activity data
All user activity data (content accesses, progress data, likes, completions) is retained in the system for aggregate analysis and reporting, but is no longer identifiable.
Skillsoft's European Union Data Center
Skillsoft's data center in Frankfurt, Germany, is set up for Percipio customers headquartered in the European Union (EU) as well as multinational Percipio customers doing business in the region. This data center enables Percipio customers to restrict the storage and processing of their data within the EU and support their compliance with data sovereignty laws. The European data center enables user data to stay within the confines of the EU, including data at rest and data in motion.