GDPR for Online Course Membership Sites

GDPR in 60 Seconds

The General Data Protection Regulation (GDPR) is legislation in Europe that is going into effect on May 25, 2018. It’s about raising the standard for personal data privacy and freedom. If you are located in Europe or you do business in Europe, there are standards that your online course membership website business needs to adhere to in order to be in compliance with the GDPR.
The European Union is claiming that not following these guidelines will eventually result in a fine of up to EUR 20 million or 4% of your annual turnover.
LifterLMS shows leadership in the WordPress community and a commitment to the international community with a suite of GDPR compatibility tools for online course membership site owners.

What is GDPR?

Last month we published this post about what GDPR is.
In summary, for online course membership sites, GDPR grants your users the right to:

  • Know who you are, why you collect the data, and for how long and who receives it
  • Consent before any data is collected
  • Access their data and take it with them (the right of data portability)
  • Delete their data (the right to disappear)
  • Know if data breaches occur

How LifterLMS Helps with GDPR Compliance

1) Users can now request their order and LMS data and get it via a download. At the conclusion of a data export, an email will be sent to the user with an attached ZIP file containing their personal information from the site.
Here is the documentation on data portability for your users.
2) Users can now request to be deleted from your learning management system website.
The processes for a data export and an erasure are nearly identical. They go like this:

  1. A user requests an export or erasure via email.
  2. A site administrator enters the user’s email address in the “Send Request” field.
  3. An email is sent to the user requesting confirmation.
  4. Once confirmed, a site administrator processes the request.

Notice the security that the “confirmation” step adds to that process. Exporting data and erasing data are important actions, so it’s important to “confirm” that the person making the request is the person the data belongs to and is clear on what’s about to happen.
WordPress itself has added data export and erasure actions, which LifterLMS hooks into to add more features.
With LifterLMS you have two types of user data:

  • LMS data
  • Order data

You can choose which types of data can be erased.
Here is the documentation on the right to disappear for your users.

Note that order data will be anonymized so as not to mess up your accounting.
3) You now have tools to add privacy info that users can agree to at the moment of checkout, enrollment, or registration. It explicitly states your privacy policy, with a link to your detailed privacy page.
LifterLMS now allows you to create a custom privacy page and customize the privacy statement at the moment someone decides to become a user on your website. The image below details what that looks like:

Below is an image showing how to customize your privacy statement:

Since WordPress 3.9.6, a set of helper tools is included that provides you with a Privacy Policy outline and an option to select a privacy policy page. This makes it a lot less overwhelming by giving you an outline and sample content to start with so you don’t have to start from scratch.
Here is the documentation on setting up your privacy options.

Here’s What I’d Like You To Do Next

Update WordPress, your theme, and all your LifterLMS plugins to take advantage of the new GDPR features.
Please visit the documentation on Privacy and GDPR tools for LifterLMS.
Sign up to attend or get the replay of our informational GDPR webinar and features demo.
Stay tuned for a follow up post on LifterLMS, email marketing, and GDPR.

Legal Disclaimer

The contents of this article do not in any way constitute legal advice. This post is for informational purposes only, and we strongly encourage you to seek independent legal advice to understand how you need to comply with GDPR.