Login Form

Audit Trail: accountability for GDPR on Forma

One of the most important principles of the GDPR is that of accountability, so owners and managers must be able to demonstrate that the processing has always been carried out in accordance with the regulation , and to be able to quickly identify the cause of any data theft or tampering.

Technical precautions may not be enough, especially on an e-learning platform ...

Article. 24 of the GDPR says verbatim that:
 
[...], the data controller implements adequate technical and organizational measures to guarantee, and be able to demonstrate , that the treatment is carried out in accordance with this regulation. These measures are reviewed and updated when necessary

New plugin for Forma

In short, it is not enough to prevent by adapting to the specifications of technical and organizational compliance with the principles of privacy by default and by design. The GDPR requires that owners and managers are also able to easily demonstrate the compliance of the treatment carried out, defining in fact a reporting obligation, and that's why we have implemented a new plugin for Forma that will help you improve these processes.
 
Now, in case of legal dispute, how can we know who manipulated a user's data and when, to check if he was actually authorized to do so?
Can we verify when the user has given consent to the information and to the other disclaimers?
 
Let's not forget that on an elearning platform users' personal data are often accessible to a multiplicity of users, for different and lawful reasons:
  • The owner of the project and treatment
  • The technical managers of the platform (e.g. corporate IT or external supplier)
  • Managers who follow specific projects or organizational areas (e.g. the plant manager who must manage only his subordinates)
  • Teaching support staff, such as tutors and teachers
  • The users themselves, who can manage their data

Audit Trail plugin for Forma

This is the purpose of the Audit Trail plugin for Forma, which will record in a special "log" all the operations carried out on the platform, especially as regards:
  • creation, editing and deletion of users
  • modification of users' personal data
  • enrollment and unsubscription from courses

 

audittrail log screenshot  

 

audittrail settings screenshot 

 

audittrail log details screenshot

Many other operations

The operations that are possible and useful to record are many, potentially any action performed on the platform by users and administrators... and you can configure the system by choosing exactly the level of detail you need.
 
The log will tell you exactly who changed what and where on the platform.

Conclusion

Forma Lms is already GDPR compliant by default and by design, but there is more to compliance than what comes out of the box. 

If you want to have more control on all the operations and actions carried out on your LMS, Audit Trail is a must-have tool. 

This site uses cookies.

Some of the cookies we use are essential for parts of the site to operate and have already been set. We also use Google Analytics scripts, which all use cookies. You may delete or block all cookies from this site in your browser options.