The GDPR (General Data Protection Regulation) is the most significant step in the regulation of private data in recent history, affecting every company that does business within the EU, the largest economy in the world. 


To help online school owners become and stay GDPR-compliant, LearnWorlds provides you with the GDPR-compliance Toolkit, the most comprehensive solution for detailed control over the Data Protection and GDPR-related settings of your school. With the GDPR-compliance Toolkit, your school can either become fully compliant, or you can choose which options you want to enable (depending on your business model and whether you and your users are based in the EU or not).


Let’s take a look at the GDPR features and settings of your school, with which you will be able to customize your website according to legislation and your users’ privacy preferences:



Privacy - GDPR settings


By navigating to Settings-> Privacy/GDPR you will be able to adjust the Data Privacy & GDPR-related settings and choose the functionalities that your school will follow.




From this page you can set up whether the users will have the choice to opt-in to to “Cookies”(a) and “Marketing material”(b)  and to have access to email notification settings (c) and data access and deletion requests (d).



Note: By clicking on each choice, you will be able to preview the functionality that you are selecting.


According to your business’s needs you will be able to choose among the following:



  1. No Data Privacy management : All users will be excluded from all 4 functionalities.

  2. GDPR Compliance for all users: All functionalities will be applied to all users.

  3. GDPR Compliance only for users browsing from within the EU: All functionalities will be applied only to EU school users.

  4. Custom Data Privacy management : Control the GDPR functionalities that you prefer to have activated in your school for all users.


Note: In the Privacy/GDPR settings page you can also find the links to your school’s “Privacy”, “Cookie Policy” (as long as the respective setting is activated, 2,3 or 4) and “Terms & Conditions” pages. In each page you can find and edit the available templates that we provide you with and add the text that you believe represents better your school’s policies. 






Let’s see now what your students will see when you have the above functionalities activated.


(a)Cookies opt-in 



In each page a message will pop up , prompting the users to Accept the cookies by clicking on “Got it!” button. Once clicked, the pop up message will not appear again. 


The users before accepting the cookies, can click on “Learn more”, and the “Cookie Policy” will pop up, allowing them to read all the needed information. The displayed text can be edited by navigating to All Pages -> “Cookie Policy” Page.


In case the users wish to accept specific cookies and not all of them, they can click on “Accept individual cookies”...


… and choose the preferable cookies in the pop up window.

 



Note: When a user wants to change this cookies selection later, they can achieve that by navigating to their Profile page (and then clicking on “Edit”). In Privacy setting tab, they will be able to edit all the relevant cookies choices.





(b) Marketing opt-in for users.


If this feature is activated, your learners will be able to choose whether they want to receive marketing mailing. This option will be available on their Sign Up Form...

..or on the “Get Mail”- “Lead”  templates.




Note 1: This setting can be edited by the users later, by navigating to their Profile Page  -> Edit and opening the Privacy settings tab.


Note 2: In case you need to manually add a user, you can also select whether this user will receive emails from your school, by checking the respective checkbox in the “Add User” form.



The new user and any user in your school can always change this option by navigating to their Profile page (and then clicking on “Edit”), through the Privacy Settings Tab.


Note: In case the admin hasn’t added the user or the user hasn’t subscribed with the Marketing opt-in activated , then an alert will pop up upon their first Login and will prompt them to activate the relevant email notifications


(c) Email Notification Settings.

Activate this option to allow the users deciding whether they will be receiving email notifications regarding their activity or the school.


 

(d) Data access and deletion requests.


By activating this functionality you give your users the choice to navigate to their Profile page (click on “Edit” and then “Privacy Settings” -> “Advanced Privacy Settings”) and either request to have their data erased  from school or ask for their data report. 



1If a learner wishes to no longer be a part of your business then they can click on “Delete my account and forget me”. That way they will be able to delete their personal identifiable information permanently and anonymize their history in this site. This is known as the “Right to be Forgotten”.Please remember that this doesn’t include any financial transactions completed in your website or other information legally required to be kept.

2 Any user has the right to ask for a copy of the personal data undergoing processing in a readable form, which has to be delivered within a month after the request applied by clicking on ”Personal data access request” (a respective message will be sent to the email account that is stored in “Notifications” -> “Admin settings”)


What happens when a user requests to be deleted and forgotten?

If you receive a such a request you can navigate to “Users” page, hover your mouse over the right column of the user’s account name and select to :

a. “Anonymize” the account


The user then will be suspended and his account details will be automatically replaced by anonymous id number.

 


In case this anonymised user has posted in the community or has sent any messages, their posts or messages will be anonymised too:



b. "Delete" the user. 

You can delete a user and at the same time make their posts and messages anonymised.

In case a user is anonymised or suspended then you have to first unsuspend the account and then delete it through the user’s page. 


Attention: If the deleted user has a Stripe account then automatically it will be deleted in Stripe too and any active subscriptions or installments will be canceled.


Verifying a user’s GDPR preferences


Users Page:


All the GDPR preferences and activated settings related to each user can be found by navigating to Users -> All Users and opening their User Card:




In addition this information can also be exported along with the rest of the user’s info in an xls/csv file



Leads Page:

The related to your leads GDPR information can be verified by navigating to “Marketing Tools”  -> “Leads from Pages”, under the columns “OPT-IN” and “EU USER”




This information can also be exported along with your collected leads.


Integrations:

When in a school the GDPR functionalities are set up, then the respective merge tags-custom fields are also created for the email marketing integrations (Mailchimp, Active Campaign, AWeber or ConvertKit




..and for Ζapier and Webhooks


Note: In order to be GDPR compliant when using javascript code snippets/scripts you are also able to classify the scripts (install/embed) in the “Includes” section (either for logged in or logged out users) based on the cookie preferences of the users who visit your school.To learn how this can be achieved take a look at the instructive article.