Pluralsight and General Data Protection Regulation


To strengthen the security and protection of European Union (EU) citizen personal data, businesses who collect and handle an EU citizen's personal data must comply with the General Data Protection Regulation, commonly referred to as the GDPR.

Pluralsight's mission is to create progress through technology that lifts the human condition. Central to that mission is our commitment to be transparent about how we protect our customer's data. We recognize the trust and responsibility granted to us and we are committed to a robust GDPR compliance program.

Along with updating our own internal business processes to be ready, here is how we support our business customers with the GDPR:

  • As one of your data processors, we ensure compliant data processing controls and reflect such controls in agreements with our customers and our vendors.
  • We developed new product capabilities and processes that allow us to quickly respond to requests to erase or access user data.
  • We are also continually refining how we gather and track consent to perform certain types of data processing.

Data Processor Responsibilities

As a data processor and as outlined by the GDPR, we are committed to providing our customers with:

  • An updated Data Processing Agreement (DPA) that reflects the requirements of the GDPR and ensures compliant data transfer and storage outside of the EU.
  • Technical and organizational security measure to secure data in transit and at rest as well as continuously monitoring for intrusions.
  • Prompt notification of breaches involving customer data.

Capabilities

Existing Capabilities

Though the GDPR is not yet in effect, Pluralsight already enables several of the requirements included in the Regulation, including these capabilities:

  • Right of Access: All users have a right to access their personal data and may do so from their account profile.
  • Right of Rectification: All users have the right to correct any personal data that is inaccurate or incomplete. Corrections may be made by a user in the account profile or by contacting Pluralsight support.
  • Right to Data Portability: In addition to being able to get all learner data from within the account, learners may request their data by contacting Pluralsight customer support.
  • Clear transparency and consent: Upon account creation, learners receive GDPR-compliant notification regarding the data we collect and the purposes of collection. Additionally, learners must "opt-in" to receive specific types of communications. After an account is created, learners have the ability to easily change those preferences regarding communications in their Communications Preferences Dashboard.
  • Notification of Cookie Use: When you visit our website and log in to your account, we display notification and consent banners that direct you to our Privacy Policy, which describes the types of cookies we use.
  • Support for Erasure Requests: We made it easier to honor requests to be forgotten by adding a "close account" feature to your account profile. When we receive a request to delete an account, all personal data associated with that account will no longer be retrievable.

Our Commitment

At Pluralsight we are committed to maintaining an effective security and privacy program. We are dedicated to ensuring customers have the highest confidence in our data protection practices and see GDPR as an opportunity to strengthen this devotion.