Starting May 25, 2018, the EU General Data Protection Regulation (GDPR) goes into effect for all organizations who collect or process personal data of users located in the EU.
There are three important roles within the GDPR that you should be aware of:
Controller: This is you, our customer. If you’re required to comply with the GDPR, then you need to fulfill your obligations as a Controller.
Processor: That is where you decide to send your data for processing, including to us for the services and platforms we provide to you. We are all set to be a compliant processor, ready and able to assist you with any data subject rights requests you may receive.
Sub Processor: These are the processors and sub contractors we use to run our services. It is our responsibility to ensure that any processor we engage with that touches your data is GDPR compliant.
Looking for a more in depth explanation of GDPR principles? Check out this link from the UK for a great overview of the GDPR.
Here are some of the ways we provide our customers assurances around the transfer of their personal data and achieving GDPR compliance:
We maintain strong technical and organizational security measures around how we handle and protect our customer data.
Our platforms are hosted on state-of-the-art secure cloud hosting platforms that are SOC 1 & 2, SSAE 16/ISAE 3402, ISO 27001, and PCI Level 1 compliant. We maintain active security measures on the perimeter, and utilize third party vulnerability scans.
Blue Sky is pleased to offer a GDPR-compliant Data Processing Addendum (DPA) to our customers which incorporates:
In addition to GDPR Compliance, Blue Sky has received certification approval from the United States Department of Commerce for the EU-US and Swiss-US Privacy Shield Framework program.
The EU-US and Swiss-US Privacy Shield Framework was designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the EU, Switzerland, and UK to the US.
To review Blue Sky’s Privacy Shield Certification, click here.
Blue Sky supports an all-inclusive learning experience by building in accessibility standards support, including Section 508 and WCAG 2.0 AA, into our products from the start.
In addition to the native accessibility, we’ve partnered with the industry leader eSSENTIAL Accessibility to offer a free assistive technology application for all users of our site.
Learn more on our accessibility page.
A VPAT report is available upon request.
Reached this page looking for information on how you can submit a Data Subject Request?
Individuals can access their profile data on Blue Sky eLearn Applications by logging into their profile utilizing their assigned unique ID and password. You can also contact us directly to access your data by submitting a request on our Data Subject Request Form located here.
Individuals can submit questions / comments regarding information correction, amendment, deletion, and limiting use and disclosure on our Data Subject Request Form.