What is GDPR?
The General Data Protection Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union. The GDPR is a move by The Council of the European Union, European Parliament, and the European Commission to provide citizens with a higher level of control over their personal data. GDPR went into effect on May 25, 2018.
Who will be affected by the GDPR?
The GDPR has far-reaching implications for all citizens of the European Union and businesses operating within the EU, regardless of physical location. If businesses hope to offer goods or services to citizens of the EU, they will be subject to the penalties imposed by the GDPR. In addition, any business that holds personal data of EU citizens can be held accountable under the GDPR.
What data is important regarding GDPR?
GDPR directly refers to the protection of personal data. As a user of CN, this means your picture, your email, your name, your site usage, and your social activity. We've implemented a seamless, easy to use privacy checklist that users can edit at any time. This will help ensure your personal data is being shared with who you choose, or it is being deleted.
How will CN comply with GDPR?
Our Legal Documentation
CourseNetworking sites and services are primarily operated on Amazon servers located in the United States. To improve our service and site for users, we may transfer your personally identifiable information from the EEA to the U.S. However, during these transfers, we take full precautions and provide the same level of protection as transfers residing in the EEA. As previously mentioned, we use Amazon servers, and through Amazon, we adhere to the EU-U.S. Privacy Shield Framework when transferring data from the EEA to the United States. Please see the Amazon Privacy Shield Policy certification for more information.
CN user rights under GDPR
For ePortfolio data, you may download your ePortfolio into a PDF document. Please check out the Save ePortfolio as PDF article. This document does not include archived sections. If you require other data, please email us at email@example.com and we will provide it to you.
To help you with this, we have visibility settings on each piece of the ePortfolio allowing you to choose who you want to share data with. If you wish to save it for yourself, you can simply archive it. You can also edit all of your visibility settings via the security checkup tool under ePortfolio visibility (see below).
3. Right to be 'forgotten' (e.g., unable to be found via search, etc.)
We offer a few security options for this as well. Users have the options outlined in the screenshot below. If you would like to permanently delete your account, please view our Account Deletion Policy and contact firstname.lastname@example.org to request deletion.
4. Right to data portability
CN does support this and can provide users interested in a copy of their data in a machine-readable format.
5. Right to seek damages, should you suffer from misuse/breach of your data
If you would like to submit a deletion request or other inquiry regarding your personal data, please email us at email@example.com
Definition: A data breach is any situation where an outside entity gains access to user data without the permission of the individual. Data breaches often involve the malicious use of data against users.
If a data breach should occur, the GDPR specifies that companies must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”