GDPR and ActiveLearn
Data Privacy & the General Data Protection Regulation (GDPR)
- Pearson is implementing a GDPR compliance programme which includes building privacy by design into its products and services. This includes the ActiveLearn Service.
- For the purposes of GDPR, if an institutional customer purchases access to the ActiveLearn Service then the institution is the controller for any personal data which is collected or processed by the Service. Pearson will cooperate with institutions to help them fulfil their obligations as controllers under GDPR. Pearson will process the personal data as the institution’s processor, on the institution’s behalf, in order to make the ActiveLearn Service available to the institution and its users.
- Our purchase terms and conditions have been updated to comply with GDPR. The new terms and conditions will apply to new orders and renewals. Under GDPR certain issues have to be covered in contracts between controllers and processors and we have addressed this in the “Data Protection” clause in our terms and conditions which you can see here for ActiveLearn and here for ActiveLearn Primary. For example, Pearson maintains an information security program which is appropriate for the personal data, and Pearson maintains appropriate technical, security and organisational measures to protect the personal data.
- The ActiveLearn Service is hosted in the EU, although customer and technology support may be provided from outside the EU. In such instances Pearson ensures an appropriate level of protection, adopting methods which are in line with GDPR and with the UK Information Commissioner’s guidance.
- Pearson’s global information security policies are based on the ISO/IEC 27001:2013 international information security standard. Pearson’s Chief Information Security Officer (CISO) is accountable for all security policies, with all employees being responsible for compliance. The security policies are reviewed at least annually, or after a significant business change. The security policies are used to inform all Pearson projects of the CISO’s Secure or Privacy by Design requirements. Under direct control of the CISO office is a dedicated Security Operations Centre (SOC). This group continuously monitors Pearson’s infrastructure for potential security threats and vulnerabilities and manages such incidents as may arise 364x24x7.
- Our Data Protection Officer is based in the UK and can be contacted at firstname.lastname@example.org.