Xvoucher provides enterprise class management of purchasing, distribution, management, and tracking of your certification, continuing education, employee training, and content delivery needs. As such, we serve people from across the globe helping them to achieve their learning goals. Now, a bit about the GDPR.

 

What is GDPR

GDPR is an acronym for General Data Protection Regulation, which only tells you a bit more than you knew before. The GDPR is new legislation aimed at enhancing the protection of EU citizens’ personal data and increasing the obligations of organizations to manage that data in transparent and secure ways. The GDPR applies to businesses that operate in the EU as well as any business that controls or processes data that can directly or indirectly identify as an EU citizen.
The GDPR will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will come into force on 25th May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.
Learn More
Xvoucher's 7 Steps to GDPR Compliance

1. Lawful Basis

What Xvoucher Will Do:

We will update Xvoucher to capture why a user is accessing Xvoucher. In most cases this will be due to freely given consent or performance of a contract. This will include the following;

  1. A manual feature to select the correct lawful basis category for Xvoucher administrators when an account is created manually.
  2. An automated feature that will set the lawful basis category when an end user account is created automatically. The initial selection can be overridden by an Xvoucher administrator.

2. Consent

What Xvoucher Will Do:

We will update Xvoucher to notify, collect, track,and manage consent based on the GDPR requirements. This may include, but is not limited to, the following:

  1. Collecting consent upon first end user login, whether candidate or customer.
  2. Allowing the end user to modify or withdraw consent on their profile page.
  3. Link specific TOCs if relevant to the organization contract.

3. Removal

What Xvoucher Will Do:

We will update Xvoucher to enable the removal of end user data. This may be a manual or automated process that works within the 30 day window once a request for removal is made.

4. Access

What Xvoucher Will Do:

We will provide a report in Xvoucher that will list out the relevant end user data when a request for access is submitted.

5. Modification

What Xvoucher Will Do:

We will provide a process for Xvoucher administrators to update inaccurate or incomplete end user data when a request for modification is submitted.

6. Cookies

What Xvoucher Will Do:

If applicable, we will provide a notice to the end user that Xvoucher uses cookies and enable the end user to opt in or out. This may be included with the consent opt-in.

7. Security Measures

What Xvoucher Will Do:

Xvoucher has undertaken significant security and infrastructure updates and will continue to review and implement features based on GDPR requirements.