Security
Technical measures that protect personal data at rest, in transit, and at every access point, in line with Article 32 of the GDPR.
Password Protect Exported Files
Whenever learner data is exported from TrainerCentral, you can apply password protection to the exported file. This ensures that sensitive data cannot be accessed by unauthorized parties, even if the file is inadvertently shared.
Encrypt Fields
Mark specific data fields containing personal information for encryption. Encrypted fields are protected using strong cryptographic standards, limiting exposure in the event of a breach, in line with GDPR's 'appropriate technical measures' requirement under Article 32.
Multi-Factor Authentication
Add a second layer of verification beyond passwords. Enabling MFA for learners reduces the risk of unauthorized access to learner data, a core security expectation under GDPR Article 32.
Encrypted Recordings
Session recordings are encrypted-at-rest. This protects any identifiable information such as faces, voices, or names visible in recordings from unauthorized access or interception during storage and retrieval.
Privacy - GDPR Data Subject Rights
TrainerCentral provides built-in tools to help you honor rights that your learners are entitled to, under the GDPR.
Right to Erasure [Article 17]
Self Account Deletion for Learners
Once this option is enabled by the Admin, learners can delete their own accounts directly from their profile. This allows data subjects to exercise their right to erasure.
Delete Learner Data as Admin
Admins can permanently delete a learner's account and associated data upon request. This enables you to respond to erasure requests in a timely, documented manner as required by Article 17.
Admin Account Self Deletion
Admins can delete their own TrainerCentral account and associated data, ensuring that no personal data is retained after they cease to use the platform — covering data subject rights for all user types, not just learners.
Right to Data Portability [Article 20]
Data Portability via Export
Learner data can be exported in a structured format. When a learner requests for a copy of their data such as enrollment history, profile details, and more, you would be able to fulfil this obligation.
Right to be Informed [Articles 13 & 14]
Recording Consent
Before a live session is recorded, learners receive a clear notification and consent prompt. This ensures that learners are informed that their image, voice, or interactions may be captured — a key obligation under GDPR when processing personal data.
Privacy Policy & Terms of Service in Enrollment Forms
Add your organization's privacy policy and terms of service directly to enrollment or sign-up forms. Learners must acknowledge these before submitting their information, creating a documented record of informed consent at the point of data collection.
Additional Compliance Tools
Beyond individual data rights, TrainerCentral equips you to track actions on learner data with the help of the audit trail feature. TrainerCentral also enables learners to manage their communication and profile picture visibility preferences in line with GDPR.
Audit Trail
Track administrative actions taken on learner data — what was changed, and when. Audit trails are crucial for demonstrating accountability to supervisory authorities and for internal compliance reviews. GDPR requires that data controllers maintain records of processing activities (Article 30).
Profile Picture Visibility Controls
Learners can control who can view their profile picture. This gives data subjects a meaningful way to restrict the display of their profile picture to a limited audience.
Unsubscribe
Learners can opt out of marketing communications at any time with a single click. GDPR mandates that individuals must be able to withdraw marketing consent as easily as they gave it — the unsubscribe mechanism guarantees this.
Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.