What is the GDPR?
The General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and standardizes data protection laws across EU countries. The GDPR provides EU citizens with greater data rights, and requires businesses to be more accountable and transparent with how they collect and process that data. There are seven key principles:
- Process data lawfully, fairly, and in a transparent manner.
- Identify a purpose for the processing of that data.
- Limit the data collected to what is necessary.
- Ensure the accuracy of personal data.
- Don't store personal data longer than needed.
- Put security measures in place to protect personal data.
- Take responsibility for what you do with personal data.
Data controller or processor?
Under the GDPR, there are different obligations for data controllers and data processors. Controllers are organizations that determine the purpose of processing personal data. Processors are typically third parties that process data on behalf of the controller.
CompetencyCore is considered a data processor because we do not control or change the purpose of information provided by clients, and we don't transfer that information to third parties without authorization from the client. Each client controls the data on their own CompetencyCore site.
How does CompetencyCore comply with the GDPR?
As a data processor, we are committed to protecting personal data. On May 17th 2018, we released a new version of CompetencyCore that supports the rights of EU citizens under the GDPR and helps our clients meet their obligations as data controllers.
Right to be informed
Right of access and data portability
Administrators can export a CSV file of each user's personal data. This includes the user's contact details and data provided about the user from their profile, assessments, plans, and tests. Check out the Manage user accounts article to learn how to download this information.
Right to rectification, restrict processing, and object
Right to be forgotten
CompetencyCore allows administrators to disable and delete user accounts so you can respond to user requests to erase their data from your site.