GDPR COMPLIANCE
My Learning Hub is prepared and compliant
Overview
My Learning Hub has implemented processes and procedures to ensure we meet both our Data Controller and Data Processor obligations under the European Union’s (EU) General Data Protection Regulation (GDPR).
To determine our readiness for GDPR, My Learning Hub conducted a risk-based gap analysis of current capabilities and validated the assessment with an independent, third-party, GDPR expert – Martin de Bruin. Our gap analysis, Cybersecurity Policy, Acceptable Use Policy, and Incident Response Policy are all available upon request.
It's important to note: GDPR does not have an accredited certification method, which means there is no GDPR-approved way to demonstrate compliance. If you have questions regarding our compliance, please reach out to dpo@mylearninghub.com and our Chief Cybersecurity Officer (CCO) or independent Data Privacy Officer (DPO) will gladly answer any questions you may have.
Security
- My Learning Hub has strong data protection controls, including encryption of data in transit and at rest, in order to safeguard Data Subjects’ data from unintended disclosure or misuse.
- My Learning Hub follows industry-standard information security best practices and rigorously tests its products to proactively remedy bugs and vulnerabilities.
- My Learning Hub maintains incident response and notification processes which are reviewed and tested
annually.
- My Learning Hub has procedures in place to ensure data recovery and data integrity, so that customer data is not lost or inadvertently corrupted.
- My Learning Hub provides assurances that the customer retains full control of their data.
- My Learning Hub's key data sub-processors, e.g. Digital Ocean and others, maintain rigorous security standards (ISO/IEC 27001:2013, EU-U.S. and Swiss-U.S. Privacy Shield Certification, SOC 1 Type II, SOC 2 Type II, PCI-DSS and/or ISO 27001 certifications, where possible), and undergo annual vendor reviews.
Contractual Agreements
My Learning Hub provides Data Processing Agreements to any customer who may need them. Included in the Data Processing Agreement are standard contractual clauses for data transfer to third-party countries. These clauses ensure our customers can transfer data to countries outside of the European Economic Area (EEA) in order to be able to use the My Learning Hub platform. Furthermore, My Learning Hub has Data Processing Agreements in place with all sub-processors where required by law.
Recommendations for My Learning Hub Customers
We believe security and privacy are a shared responsibility between vendor and customer. My Learning Hub is committed to helping you successfully meet your GDPR privacy requirements. It is important to understand your obligations related to the GDPR regardless of where your organization resides.
- Read through and understand the regulation. Multiple languages and formats are available here.
- Perform a gap, or impact, analysis to determine if there are any controls or processes which need to be put in place to adhere to the regulation. If necessary, implement those changes.
- Review the personal information shared with My Learning Hub, including any integrations you may have, and ensure you are not sharing or storing any unneeded or sensitive (SSN, PPS, National Insurance, driver’s license, date of birth, address, credit card #, passport #, etc.) personal data.
- Determine if you require consent from Data Subjects in order to process their information. If so, update
your consent collection and any forms or APIs if necessary.
- Review any processors, including My Learning Hub, which may store or process sensitive information. Ensure they have the proper processes and controls in place and establish Data Processing Agreements where necessary.
- Update your privacy policy to reflect your use of My Learning Hub as a data processor for the purpose of
improving and managing your learning processes.
- Ensure you have the proper consent in order to track email opens. If not, we encourage you to turn those
features off.
- Make sure to include unsubscribe links or notices within any emails which are required by law.
- If you have received a Right to be Forgotten request from a Data Subject, simply delete the user within My Learning Hub and then remove that user from the archive. This information will be completely removed from our systems.
- If you or your company wish to have your data completely removed from our systems, please email support@mylearninghub.com.