November 28, 2018

November 28, 2018

November 28, 2018

Data protection and e-learning: Tips for companies

E-Learning

Company

When introducing e-learning, many personnel developers face the question of what to do regarding data protection. After all, a digital learning platform is always associated with personal data. But data protection and e-learning can fundamentally be easily reconciled if you keep a few basic things in mind. The three most important tips: Consider data protection from the very beginning, pay attention to transparency, and anonymize data when in doubt.

The good news up front: Those who fundamentally engage with data protection do not need to fear the subject in e-learning. Laws such as the GDPR have contributed to the fact that merely mentioning the term "data protection" causes many people to feel uneasy. Those who are not specialized in the area of data protection often have many questions.

That's why I spoke with our blink.it data protection expert, who completed an intensive data protection training of 60 hours. I wanted to know from him: What can personnel developers in companies do to ensure that data protection is not an issue when introducing new e-learning processes?

Note: All information is based on careful research and consultation with experts. However, we cannot provide legal advice in general. For specific questions regarding your company, it is best to contact your internal data protection officer directly.

In E-Learning and offline: This means "Data protection must be maintained"

The expert's responses were all clear and easy to understand. In principle, it always applies: Data protection must be maintained. At a minimum, those who process personal data should engage with it. This applies in seminars as well as when setting up an e-learning platform for employee training.

Processing personal data is fundamentally prohibited unless you have a legal basis. And you can ensure that by following a few tips. A legal basis exists primarily in the following two cases:

  • The consent of the affected person is (written) available.

  • Another law takes precedence over data protection, e.g., the obligation to retain invoices.




E-Learning und Datenschutz? Kein Problem, wenn du das Einverständnis der Teilnehmer einholst.




E-Learning and data protection? No problem if you obtain the consent of the participants.

Regarding e-learning, obtaining the consent of the participants in your employee training is the key to maintaining data protection. Essentially, our data protection officer has three tips for companies that want to use e-learning:

  1. Consider data protection from the very beginning

  2. Pay attention to transparency

  3. When in doubt: Anonymize data

I will explain what these broadly summarized tips entail in more detail below.

Tip 1: Consider data protection from the very beginning

The most important tip my data protection officer shared with me: Think about data protection as early as possible and contact the internal data protection officer in the company. Describe to him what type of e-learning is to be used for employee training and inquire about internal data protection regulations pertaining to it.

The best and simplest way to maintain data protection is a consent form of the affected parties – that is, the participants of the e-learning or employee training. Important: A consent form cannot be given retroactively. The consent of each participant must therefore be available before the platform is used for the first time. That’s exactly why you should consider data protection from the very beginning.

In general, the following applies to a consent form for the processing of data:

  • It cannot be given retroactively.

  • It can be revoked by the affected person at any time.

  • It must be purpose-bound.

  • The purpose must be time-limited.

Purpose-bound means that the consent is given for a specific use of data processing. The time limit does not have to be specified in calendar days – it is sufficient to relate the processing to the duration of the employee's employment in the company. In this example, the time limit thus applies when the employee leaves the company.

By the way: According to the GDPR, one speaks of "processing personal data" in any case where data is documented. This applies to the file folder just as much as to the digital file – whether offline or online. Any information that makes a person identifiable is considered personal data. More about this at: www.dsgvo-gesetz.de

Thinking about data protection from the very beginning means specifically:

  • Contact the internal data protection officer as soon as the topic of e-learning arises in the company.

  • Obtain a consent form from the participants as soon as they register on the e-learning platform.

Tip 2: Pay attention to transparency

Even with a consent form, the data protection officer advises making every processing of data as open and transparent as possible. This means: Inform your training participants when and how every piece of information is stored. For example, if 2,000 participants are working on a platform in e-learning and every comment can be viewed by all participants, inform the participants about this, for instance, with info text on the platform itself or detailed information in the intranet.

By the way: If someone publishes their address on a (publicly accessible) website, they are making it public. However, if they leave their address in a protected area of the web, they have not made it publicly available. A barrier is present when you need to create an account to access a webpage. Therefore, personal data that appears on LinkedIn, in the intranet, or on an e-learning platform must not be shared or otherwise processed.




Laptop mit Sicherung: Datenschutz im E-Learning ist wichtig für Unternehmen




Transparency in e-learning: Participants should always be clear about when and for what their data is stored and processed.

A transparent e-learning provider

The principle of transparency applies not only to the disclosure of data processing for participants. The technology partner of the e-learning platform should also have transparent data protection policies. Check whether your digital provider meets the following criteria:

  • Options for anonymization, e.g., for quiz questions and tests

  • Ability to obtain the consent of participants in a simple and transparent manner before processing

  • Existence of a contract for data processing

A contract for data processing (AV contract) is mandatory if two parties make an agreement involving the processing of digital data. It specifies the purpose and nature of the processing. Ideally, your e-learning provider already has an AV contract that your company or data protection officer reviews.

And what about us at blink.it? Data protection is not only fundamentally important to us, but we also place great value on transparency and an easy application of data protection in e-learning. We not only meet the aforementioned criteria but also offer to adapt the consent form at user registration to our own data protection policies. This allows for individual provisions for you and your participants to be included. And by the way: All blink.it employees have completed a basic data protection training.

To the data protection policies of blink.it

Tip 3: When in doubt – anonymize data

If there is no sufficient reason to collect personal data in e-learning, you can still anonymize or pseudonymize the data in accordance with data protection laws. For example, when evaluating an online training, it may not be important to know how each individual participant performed. If it is about the overall success of the e-learning measure, the trainer should compile the data in such a way that no inferences can be made about individual results.

In the best case, the trainer can already configure the platform so that results from interactive modules such as quizzes, surveys, or tests are provided anonymously. This way, you can internally decide whether and to what extent even the trainer can view the personal results.

Involve the data protection officer from the very beginning, pay attention to transparency, and check the AV contract – then you can seamlessly integrate e-learning and data protection!

Are you interested in the offerings from blink.it? Then feel free to make an appointment with my colleague Hans-Martin Sprungk. He will provide you with comprehensive advice and can help you introduce blink.it to your company – all without concerns regarding data protection and e-learning.




admin-demo-klein-1




Test blink.it

Your admin demo for blink.it

Do you want to test how an online course for blended learning works and how to create content with blink.it? Then request your free demo now!

Request a free admin demo now

Do you have questions about blink.it or this article?

Feel free to write to us if you have questions about the product or specifically about this article. Our marketing team is available to you via email or will forward your request to a suitable Blinkie 😊




Jetzt Nachricht schreiben




Do you need a concept for blended learning for your business? Here you can get our guide "Blended Learning for Businesses" for free.

Get the guide now!

Get the guide now!

Recommended for you

5

min read

June 3, 2025

E-learning in the hammock: Myth or possibility?

4

min read

April 28, 2025

Efficient payroll processing through payroll outsourcing

6

min read

March 31, 2025

Socratic Questioning: Promoting Critical Thinking in E-Learning

5

min read

June 3, 2025

E-learning in the hammock: Myth or possibility?

4

min read

April 28, 2025

Efficient payroll processing through payroll outsourcing

6

min read

March 31, 2025

Socratic Questioning: Promoting Critical Thinking in E-Learning

3

min read

March 5, 2025

People Management meets Learning Management

VEDA übermimmt blink.it - v.l.r. Martin Graichen, Michael Witzke, Konstantin Ristl, Dr. Ralf Gräßler

1

min read

January 13, 2025

blink.it will become part of VEDA

Try blink.it for free.

Start now!

Try blink.it for free.

Start now!