Submit a ticket My Tickets
Welcome
Login  Sign up
Open navigation

How to Make your School GDPR Compliant

The GDPR (General Data Protection Regulation) is the most significant step in regulating private data in recent history, affecting every company that does business within the EU, the largest economy in the world. To help online school owners become and stay GDPR-compliant, LearnWorlds provides you with the GDPR-compliance Toolkit, the most comprehensive solution for detailed control over the Data Protection and GDPR-related settings of your school. Your school can either become fully compliant, or you can choose which options you want to enable (depending on your business model and whether you and your users are based in the EU or not).

Privacy - GDPR settings

Go to Settings → School Settings → Privacy/GDPR:

ÎĄou can set up whether the users will have the choice to opt-in to: 


a. Cookies

b. Marketing material

c. Email notification settings 

d. Data access and deletion requests


According to your business’s needs, you will be able to choose among the following:


1. No Data Privacy management: All users will be excluded from all 4 functionalities.

2. GDPR Compliance for all users: All functionalities will be applied to all users.

3. GDPR Compliance only for users browsing from within the EU: All functionalities will be applied only to EU school users.

4. Custom Data Privacy management: Control the GDPR functionalities that you prefer to have activated in your school for all users.


In the Privacy/GDPR settings page, you can also find the links to your school’s Privacy, Cookie Policy (as long as the respective setting is activated), and the Terms & Conditions pages. On each page, you can find and edit the available templates that we provide you with and add the text that you believe represents better your school’s policies. 


You can also enable the 'Reject all' button, where when you have enabled GDPR-related settings, you can show a 'Reject All' button in the cookies opt-in banner and allow your visitors to reject all non-essential cookies.


Let’s see what your students will see when you activate the above functionalities.

Cookies opt-in

On each page, a message will pop up, prompting the users to accept the cookies by clicking on the Got it! button. Once clicked, the pop-up message will not appear again. The users, before accepting the cookies, can click on Learn more, and the Cookie Policy will pop up, allowing them to read all the needed information. The displayed text can be edited by navigating to your Cookie Policy Page.

If the users wish to accept specific cookies and not all of them, they can click on â€śAccept individual cookies” and choose the preferable ones in the pop-up window.


When a user wants to change this cookies selection later, they can achieve that by navigating to their Profile → Edit → Privacy Settings. A pop-up window will appear, and In the Privacy setting tab, they will be able to edit all the relevant cookie choices.

Marketing opt-in

If this feature is activated, your learners can choose whether they want to receive marketing mail. This option will be available on their Sign Up Form:

or on the Email Grabbers:

Notes: 

  • This setting can be edited by the users later by navigating to their Profile Page → Edit and opening the Privacy settings tab under I want to receive news, tips, and other promotional material.
  • In case you need to manually add a user, you can also select whether this user will receive emails from your school, by checking the "The user has given consent to receive emails from this school" checkbox in the "Add User"  form. The new user and any user in your school can always change this option by navigating to their profile page, through the Privacy Settings Tab.
  • In case the admin hasn’t added the user or the user hasn’t subscribed with the Marketing opt-in activated, then an alert will pop up upon their first Login and will prompt them to activate the relevant email notifications.

Guest cookie preferences

Under Settings →  School Settings →  Privacy / GDPR you can also locate the Guest cookie preferences option. It aids in managing cookie preferences specifically for visitors to your school, rather than users. Allows guests who are browsing your website yet have not signed up (or are not logged in) as users, to review and update their cookie preferences. This option is available once you have activated the data privacy management-related settings.

Email Notification Settings

Activate this option to allow the users to decide whether they will receive email notifications regarding their activity in the school and any Academy Announcements. You can find more information about the Mass Email feature here.


Note: This setting can be edited by the users later by navigating to their Profile Page → Edit and opening the Privacy settings tab under I want to receive email notifications about my activity in this school.

Data Access and Deletion requests

By activating this functionality, you give your users a choice to navigate to their profile page (users can click on Edit and then Privacy Settings → Advanced Privacy Settings and either request to have their data erased from school or ask for their data report. 


  • If a user wishes to no longer be a part of your business, then they can click on Delete my account and forget me. That way, they can delete their personally identifiable information permanently and anonymize their history on this site. This is known as the “Right to be Forgotten”. Please remember that this doesn’t include any financial transactions completed on your website or other information legally required to be kept.
  • Any user has the right to ask for a copy of the personal data undergoing processing in a readable form, which has to be delivered within a month after the request is applied by clicking on Personal data access request (a respective message will be sent to the email account that is stored in Settings → Notifications → Admin settings)


What happens when a user requests to be deleted and forgotten?

If you receive such a request, you can navigate to the user management page, hover your mouse over the right column of the user’s account name and select:

  • Anonymize the account: The user will then be suspended, and their account details will be automatically replaced by an anonymous ID number. If this anonymized user has posted in the community or has sent any messages, their posts or messages will be anonymized too.
  • Delete the user: You can delete a user and simultaneously make their posts and messages anonymized. In case a user is anonymized or suspended, you first have to unsuspend the account and then delete it through the user’s page. 


Note: If the deleted user has a Stripe account, then automatically, it will be deleted in Stripe too and any active subscriptions or installments will be canceled.

Verifying a user’s GDPR preferences

  • Users Page: All the GDPR preferences and activated settings related to each user can be found by navigating to Users → All users and opening their User Card.

In addition, this information can also be exported along with the rest of the user’s info in an xls/csv file


  • Leads Page: The related to your leads GDPR information can be verified by navigating to Marketing â†’ Leads from pages, under the columns OPT-IN and EU USER
  • Integrations: When in a school the GDPR functionalities are set up, then the respective merge tags/custom fields are also created for the email marketing integrations (Mailchimp, Active Campaign, AWeber, or ConvertKit) and for Ζapier and Webhooks.


Notes

  • To be GDPR compliant when using javascript code snippets/scripts, you can also classify the scripts (install/embed) in the Custom Code tool (either for logged-in or logged-out users) based on the cookie preferences of the users who visit your school. To learn how this can be achieved, take a look at the instructive article.
  • Since the text within the cookie's pop-up window cannot be modified from the Theme Explorer, you can add the following snippet of code on the Custom code editor in the dynamic CSS slot. You can replace the red text with the color you would like in the code snippet.
.dataProtectionSettings-descr{
  color:red;
}


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.