16 April 2018

Important changes to Customer Handbook to meet GDPR

As you may be aware, the new European General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The GDPR will strengthen the protection of personal data of individuals by imposing a new framework of requirements on organisations that collect and process personal data, and by enhancing individual’s rights.

The GDPR applies to organisations located within the European Economic Area (EEA) (including the UK following Brexit) that process information relating to individuals. The GDPR may also apply to organisations located outside the EEA if the organisation has a presence in the EEA, or monitors the behaviour of individuals within the EEA (for example via cookies) or offers services to individuals within the EEA.

Detailed guidance on the GDPR is available on the website of the Information Commissioner’s Office. The City & Guilds Group is undertaking a robust GDPR Compliance Project which includes, amongst other high priority actions, a review of our contracts with our customers – including ILM Centres and Providers.

ILM has updated the ILM Contract and Handbook in line with the requirements of the GDPR. For ease, the key elements of our approach to GDPR, which are reflected in the updated ILM Contract and Handbook, can be summarised as follows. Where the GDPR applies to the ILM Centre/Provider:

  • ILM Centres/Providers must comply with the GDPR, including when they transfer learner personal data to ILM.
  • ILM must also comply with the GDPR, including when it processes learner personal data received from ILM Centres/Providers.
  • ILM and each ILM Centre and ILM Provider are independent data controllers.
  • ILM Centres/Providers must notify their learners that their personal data will be shared with ILM for the purposes of learning, assessment, and certification. This may be done in the ILM Centre’s or Provider’s privacy policy or notice.
  • ILM Centres/Providers must direct ILM learners to the ILM learner privacy notice, which sets out how ILM will process learner personal data, and is located at https://www.i-l-m.com/privacy/learnerpersonaldata
  • ILM Centres/Providers may be required to share sensitive personal data with ILM where a reasonable adjustment is requested, or in the course of an investigation, complaint, or appeal. The ILM Centre/Provider is responsible for obtaining the explicit consent of the learner to share sensitive personal data with ILM.

Please note that other awarding bodies may have different requirements.

City & Guilds Group Privacy Policy

The City & Guilds Group is committed to data security and the fair and transparent processing of personal data. We will publish a new privacy policy which sets out how members of the City & Guilds Group, including ILM, will treat personal data in compliance with applicable data protection law, including the GDPR on https://www.cityandguildsgroup.com/group-policies prior to 25 May 2018.

ILM Events

Visit our Events page to browse our range of Webinars and Events