Our Commitment to You
At SkyPrep, we have a duty, both ethically and professionally, to ensure that the information entrusted to us adheres to the level of confidentiality, privacy, accuracy, and availability expected from us. As required by GDPR, the personal information that we are provided with will be protected against unauthorized disclosure, be easily maintainable to ensure accuracy, and attributable. We are currently overhauling our GDPR compliance plan to ensure that the SkyPrep LMS is fully compliant with GDPR by May 25th, 2018.
While GDPR focuses mainly on standardizing data privacy in EU countries, it also affects all organizations that have access to personal information of EU citizens, regardless of where the organization itself is located. As such, you’ll find our plan to become GDPR compliant below.
Preparing for the GDPR
The GDPR requires sweeping changes from most companies, and SkyPrep’s team is working hard to meet the updated requirements before May 25th, 2018. We will continue to invest in our platform security, ensure that we have appropriate contractual terms in place, and enhance our policies, controls, and features to facilitate GDPR requirements.
However, much of the GDPR is left up to interpretation, and as such, we will continue to monitor for any new updates from regulatory bodies and we will adjust our plans as needed. We will continue to provide you with regular updates as we come closer to the May 25th deadline.
Our Security Infrastructure
Being a cloud-based company, ensuring that our customers’ data is protected is one of our primary focuses. Our infrastructure runs on Amazon AWS servers and AWS S3 storage, whose industry-leading services are heavily certified for both privacy and security. Further to this, SkyPrep will continually strive to maintain our security protocols and ensure that all aspects are up-to-date.
SkyPrep Customers’ Enhanced Rights as Data Subjects
SkyPrep values our customers’ rights as data subjects. Regardless of location or nationality, we are committed to the support of the new rights of all SkyPrep customers as under the GDPR.
The Right to be Forgotten: You can cancel your SkyPrep platform at any time and your data will be retained for 90 days, as per the Terms and Conditions, upon which all information will be permanently deleted. If a user wishes to be immediately removed from the records, all SkyPrep platform Administrators have the ability to instantly delete a user and all of their information. Additionally, if a platform Administrator requires an immediate deletion of their platform, they can let us know at email@example.com, and the platform, along with all of its information, will be deleted as soon as possible.
The Right to Object: If you don’t want to receive email notifications from SkyPrep, you are able to disable them yourself. Administrators are also able to disable email notifications for any user on their platform, if so requested. All marketing and update emails sent directly from SkyPrep will also contain an unsubscribe link in the footer, allowing recipients to opt out of future emails.
The Right of Rectification: Administrators can allow users to edit their own profiles to fix incorrect information, and they can also make the edits themselves. You can also directly contact us if you require assistance with accessing, amending, correcting, or deleting any information that we have about you if a platform administrator is unable to assist you.
The Right of Data Portability: If you require a copy of data, you can use any one of our multiple reporting options to export the data you need. We are also able to export your information to a third-party upon an administrator’s request, which should be sent to firstname.lastname@example.org.
Data Portability Solutions and Data Management Tools
We are aware that our customers require help from us to be fully compliant with GDPR, and we are in the process of implementing features that will make GDPR compliance even easier. While we already provide tools for compliance and progress tracking, we’ll be adding new features over the next little while that will streamline the process of pulling the information that you require. Below, we’ve listed how we’re planning on being GDPR compliant.
The Right to be Forgotten: All Administrators can permanently delete users and all their associated information, both individually and in bulk. Additionally, if the administrators are not responding to deletion requests, the request can be sent to email@example.com and we will be happy to do the deletion on our end.
The Right to Object: For users that do not wish to receive emails from SkyPrep or their platform, they can disable Email Notifications from their profile. Additionally, Administrators can also turn emails off for users.
The Right to Rectification: Administrators have full access to change and update a user’s information to ensure that it is correct. Users also have the ability to update their own profiles, and if editing profiles has been disabled by administrators, the user can contact an administrator or SkyPrep directly to access or update their information.
The Right to Access: Administrators are able to collect different information from their users using the Custom Fields feature. All information that is collected will also be visible in the user’s profile. If a user requires assistance with information in their profile and aren’t able to have their issue resolved by a platform administrator, they can contact us directly at firstname.lastname@example.org for assistance. While the GDPR mandates a maximum wait time of thirty days, we will be able to provide the information much quicker in most cases.
The Right of Data Portability: Our reporting tools allow Administrators to export data and information. These can be previewed online or saved as an XLSX or CSV file for record-keeping.
Consent: SkyPrep has two main features for acquiring consent. Administrators can opt to use a Terms and Conditions message that requires accepting before the user is given access to the platform, or they can opt to include one of our several signature/confirmation modules in a course, as shown here.
While we work to make GDPR compliance as easy as possible, you can keep track of the features we have already released here.
If you have any questions about GDPR and how it affects SkyPrep and its services, you can email us at email@example.com.