Audit Trail: accountability for GDPR on Forma

One of the most important principles of the GDPR is that of accountability, so owners and managers must be able to demonstrate that the processing has always been carried out in accordance with the regulation , and to be able to quickly identify the cause of any data theft or tampering.

Technical precautions may not be enough, especially on an e-learning platform ...

Article. 24 of the GDPR says verbatim that:

[...], the data controller implements adequate technical and organizational measures to guarantee, and be able to demonstrate , that the treatment is carried out in accordance with this regulation. These measures are reviewed and updated when necessary

New plugin for Forma

In short, it is not enough to prevent by adapting to the specifications of technical and organizational compliance with the principles of privacy by default and by design. The GDPR requires that owners and managers are also able to easily demonstrate the compliance of the treatment carried out, defining in fact a reporting obligation, and that's why we have implemented a new plugin for Forma that will help you improve these processes.

Now, in case of legal dispute, how can we know who manipulated a user's data and when, to check if he was actually authorized to do so?

Can we verify when the user has given consent to the information and to the other disclaimers?

Let's not forget that on an elearning platform users' personal data are often accessible to a multiplicity of users, for different and lawful reasons:

The owner of the project and treatment
The technical managers of the platform (e.g. corporate IT or external supplier)
Managers who follow specific projects or organizational areas (e.g. the plant manager who must manage only his subordinates)
Teaching support staff, such as tutors and teachers
The users themselves, who can manage their data

Audit Trail plugin for Forma

This is the purpose of the Audit Trail plugin for Forma, which will record in a special "log" all the operations carried out on the platform, especially as regards:

creation, editing and deletion of users
modification of users' personal data
enrollment and unsubscription from courses

audittrail log screenshot

audittrail settings screenshot

audittrail log details screenshot

Many other operations

The operations that are possible and useful to record are many, potentially any action performed on the platform by users and administrators... and you can configure the system by choosing exactly the level of detail you need.

The log will tell you exactly who changed what and where on the platform.

Conclusion

Forma Lms is already GDPR compliant by default and by design, but there is more to compliance than what comes out of the box.

If you want to have more control on all the operations and actions carried out on your LMS, Audit Trail is a must-have tool.

News & Events

Forma LMS 4.1.0

This is the first minor release for the 4.x series, including important feature improvements, refactorings and removals. Read...
Forma LMS 4.0.11

New maintenance release fixing some issues and adding a new option to show or hide completed course in MyCourses page
Forma LMS 3.3.25

This is a maintenance release including several minor fixes on translations and layout, improving some features and ux...

Press Release

"Develop content relevant to the user": Massimiliano Talks...

Cybernews.com is a research-based online publication providing cybersecurity-related news, analysis, and opinions by industry...

Read More
Free Webinar: Power to Tests

Our free webinar will be held in Italian and will focus on two plugins: Test Charts and Test360°

Read More
Forma Plugins Free Webinar: Last Places Available

Have you registered for our free webinar on Forma LMS plugins? Register now and learn how to use Forma at its best and adapt...

Read More