360Learning Compliance with GDPR

  • Updated

Our personal data compliance program, both as a data controller and as a personal data subprocessor, is built around the pillars of compliance, established by reference to the General Data Protection Regulation (GDPR) and the recommendations of the European authorities.

Compliance pillars

  • A general personal data protection policy, describing the Group's commitments in terms of personal data protection, accessible from our website.
  • Appointing a DPO.

As data sub-processor:

  • The implementation of a continuously improved GDPR compliance program for our platform.
  • A DPA based on the European Commission's standard model in compliance with the GDPR and Data Protection Authorities recommendations.
  • Technical documentation detailing our safety measures.
  • Bi-annual platform compliance audits with expert assistance.

As data controller:

  • Mapping and maintenance of two processing records (data controller and data processor).
  • Regular audits of processing and mapping with the help of experts.
  • Procedures and policies such as a governance policy, a data retention policy, a security breach notification procedure and an individual rights access procedure.
  • A processing notice.
  • An IT Charter.
  • An internal training program on the protection of personal data.
  • An IT Security Department responsible for technical and organizational security measures and the Security Assurance Plan.

All part of the ISO 27001 certification obtained by 360Learning.

The purpose of this booklet is to describe the program and actions implemented to ensure compliance with the applicable data protection rules. It provides answers to the most frequently asked questions.

PART ONE: 360LEARNING AS A SUB-PROCESSOR

PART TWO: 360LEARNING A AS DATA CONTROLLER

A list of frequently asked questions is available here :

Check out our blog for more L&D resources.

Was this article helpful?

4 out of 4 found this helpful

Have more questions? Submit a request