July 2018

CrossKnowledge’s steps on the road to GDPR compliance

1: ISO certification

We began by obtaining ISO 27001:2013 certification for the Information Security Management system we use to deliver our SaaS solutions. This ensures that the technology required to maintain the confidentiality, integrity and availability of customer data is in place and in line with the spirit of the GDPR.

Certification applies not only to our hosting activities, but also to all teams involved in customer data-related operations,” said Danny De Witte, Data Protection Officer at CrossKnowledge. “Our clients were calling for it, and we wanted to safeguard the chain of security and trust. We believe this is a huge competitive differentiation factor in the SaaS e-learning market.”

2: Compliance of products and services

We’ve made significant changes to a range of CrossKnowledge products and services, adding GDPR-related functionality to:

For example, you can now manage privacy settings, track consent (i.e. the time and date of each user’s agreement to use their data), offer data portability and the right to be removed, from within the CrossKnowledge Learning Suite.

3: Data Protection Officers throughout Wiley Group

Under the GDPR, any company that processes or stores significant data must appoint a Data Protection Officer to manage that data and ensure compliance. Wiley Group has appointed multiple DPOs – one for each subsidiary and affiliate. This, and our worldwide client base, gives us a truly global perspective on data security. We’re ideally placed to understand the data protection challenges faced by global learning organisations with customers and employees inside and outside the EU. Our DPOs are currently working with customers to agree Data Protection Addendums to current contracts and to ensure GDPR compliance.

4: Customer contact

Over the coming weeks, we will be proactively contacting all of our customers in L&D to review our data protection agreements, connect with Data Protection Officers, and work together towards full GDPR compliance. In the meantime, don’t hesitate to contact us if you have any questions or concerns.

For legal enquiries: Danny De Witte, Data Protection Officer, CrossKnowledge: [email protected]

For product enquires: Danish Khan, Product Marketing Manager, CrossKnowledge: [email protected]