Latest LearnDash update focuses on GDPR.
Today’s update centers on the General Data Protection Regulation (GDPR). If this is the first time you have heard of GDPR, then you can learn more about it from the European Commission’s Data Protection page.
This article is strictly about how LearnDash (the software) has been updated so that your LearnDash powered learning programs are compliant.
Please note that this post is in no means meant to be perceived as legal advice or guidance for GDPR compliance, but it is instead meant to provide you with a description of the tools in LearnDash that help you be compliant as it relates only to our software. You should consult an attorney to ensure that your business is fully GDPR compliant.
What data does LearnDash LMS collect?
Before jumping into the GDPR specific features in LearnDash I want to take a moment to discuss the data that the plugin specifically collects about users.
The LearnDash plugin stores a user’s course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable). Also, WordPress stores comments on courses, lessons, topics, assignments, and essays if these features are activated.
LearnDash does not store the email address (or any personal information) as part of the course progress. We only store the course, lesson, topic, and quiz IDs.
In addition to the general learner data when taking courses, the LearnDash plugin also stores transaction data if you are selling courses using the built-in PayPal feature, the Stripe add-on, SamCart add-on, or the 2Checkout add-on. When processing payments some data will be passed to the payment gateway (PayPal, Stripe, SamCart, and/or 2Checkout depending), including information required to process or support the payment, such as the email address, purchase total, and billing information.
How does LearnDash help you be GDPR Compliant?
Recently WordPress released a maintenance and privacy update specifically adding functionality to help you comply with GDPR requirements. This update included the important ability for you to export and erase personal data (found under the TOOLS menu).
The good news for you is that the LearnDash plugin hooks right into this functionality, making GDPR related requests convenient for you to manage.
This means that if one of your learners requests their personal data then you just need to use the built-in WordPress ability to export their account information. The same is true with data deletion.
How to Update
All of this new functionality is available for you today in LearnDash v2.5.8.
For a full list of the updates in this version of LearnDash, please see the changelog.
Note: You must be using WordPress v4.9.6 in order to take advantage of the GDPR features.
What’s Coming Up
As you would expect, GDPR sidetracked our normal development for a moment – but now we are back at it! While we have a few concurrent projects at present, the most important include:
- Preparing LearnDash to be “Gutenberg ready” (more details here)
- Working on LearnDash 3.0
Both of these are rather large undertakings and very exciting.
Thank you so much for choosing us as your learning management system. Your positive feedback has been incredibly motivating for our team as we continue to evolve.
Until next time!
PS: Don’t have LearnDash yet? Join us!