Skip to main content

Does GDPR Matter When Issuing Digital Credentials?

It’s difficult to spend any amount of time on the internet without coming across a company ensuring that you’re agreeing to their cookies policy, have read their terms of service, or are aware of their privacy policy. Corporations across the globe made a major push in the spring of 2018 to be compliant with the European Union’s General Data Protection Regulation (the “GDPR”). The regulation gives consumers more control over how their personal information is used and this regulation is meant to result in less spam in your inbox, fewer chances for data breaches, and more control over who can contact you.

Few things are more personal than our professional qualifications, and learning something, and then having verified proof of that knowledge or skill, can help people get jobs and promotions and improve their quality of life. When dealing with this type of data, GDPR compliance matters, and Credly considers the data security and privacy of both our credential issuers and our credential earners. That care extends to Credly’s suppliers, and we enter into agreements with our suppliers to ensure that every single organization that processes Personally Identifiable Information on Credly’s behalf (known as “subprocessors”) are also GDPR compliant.

As such, GDPR compliance is a shared responsibility between Credly, its clients and its suppliers: Credly complies with the GDPR by monitoring to maintain the ongoing confidentiality, integrity, availability, and resilience of our systems. Credly works to ensure we can restore data in a timely manner in the event of a physical or technical incident, and, we regularly test, assess and evaluate the effectiveness of our technical and organizational measures. Credly’s clients contribute to data security by establishing a lawful basis for their transfer of personal data to Credly, in some cases relying on consent from their credential earners by including a reference to their use of Credly in the terms that govern their program, and in others relying on serving the legitimate interests of their credentialing program and associated credential earners.

In short, we take your data, and the data of your badge earners, very seriously.