July 2018

Will the new GDPR compromise learning? It shouldn’t have to.

Now that the noise around the General Data Protection Regulation (GDPR) is beginning to subside, CrossKnowledge is reaching out to customers to agree how best to balance each organisation’s new responsibilities with the data requirements of its Learning & Development programmes.

Many of CrossKnowledge’s recent innovations in learner experience have been enabled by learner data – from personalised Learning Paths and content recommendations based on predictive analysis, to personality assessments in products like CK Connect.

One possible of risk with the new regulation – which wasn’t written with Learning & Development in mind – is that over-enthusiastic application could compromise learning experiences and undermine L&D outcomes. Fortunately, this is entirely avoidable.

Hard at work in the background

At CrossKnowledge we’ve been working hard in recent months to make sure that our technology platforms continue to deliver the responsive, feature-rich learning experiences that you’ve come to expect, whilst complying fully with EU legislation.

The good news is that we don’t need to process ‘sensitive’ data on your employees (e.g. gender, social security number or health status) in order to provide those services, or to drive the next generation of developments. However, we would still like to process other personal data (e.g. location, function, business unit), so we must ensure that our data-handling procedures and technologies align with yours. We also need to reassure learners that their data is being used responsibly, to minimise unnecessary requests to move or delete data.

We’re okay with Netflix recommending TV programmes or films, based on our viewing activity,” says Danny De Witte, Data Protection Officer for CrossKnowledge.But people can get nervous when their data is used in a similar way for learning and development.”

Enabling data-dependent learning experiences

Employees want to know that their personal data will be stored and processed securely. But organisations, as well as employees, need to understand that consenting to the use to personal data is what enables many of the rich learning experiences they currently enjoy.

According to De Witte, organisations that stop sharing employee data could see their learning programmes become less personalised and less engaging over the coming year. “It’ll become harder to deliver learning outcomes, and harder to measure results using your preferred KPIs,” he says. “It’s important to remember that data sharing is actually a source of business advantage, not a liability.”

One of the first things we’ll need to do is to add a Data Protection Addendum (DPA) to the current contract between each customer, as the data controller, and CrossKnowledge, as the data processor,” explains De Witte. “This should explicitly describe our obligations, limitations, and what we’re doing to comply with the GDPR.”

The bottom line is: we need to talk. So, expect a call soon to explore the way forward with GDPR and your L&D data requirements. However, if you have an urgent question, please feel free to email Danny De Witte directly: [email protected]