GDPR & Totara

Since LMS systems contain personal data such as names, email addresses, assessments, and other confidential information of learners and teachers, data protection in this area is crucial. Failure to comply with the GDPR comes at a high price. It is therefore in your best interest to work with an LMS provider that makes compliance with the GDPR easy and effective.

Why privacy is important in the LMS

  • Privacy protection: Learners and teachers have a right to privacy and protection of their personal data. Effective data protection in the LMS ensures that personal information can only be viewed by authorized persons.
  • Prevention of data misuse: Inadequate data security can lead to data being misused by third parties. It is important to ensure that personal data does not fall into the wrong hands.
  • Compliance with data protection regulations: Companies and organizations are required by law to comply with data protection regulations. Effective data protection in the LMS ensures that data protection regulations are complied with and that learners and teachers are informed about them.
  • Maintaining trust: Learners and educators need to be confident that their personal data is safe and secure. Effective data protection in the LMS can maintain trust in the system and your organization.

How does Totara help with compliance with the GDPR?

To make it easier for users* to access and remove their own data, Totara has two configurable features: Export Types and Purge Types.

Export types allow you to define which data users are allowed to export on their own. Only the user's own data can be exported.

Purge types, on the other hand, allow you to configure which data should be completely removed. Purge differs from the standard purge process in that it allows much greater control over what data is removed.

Purge tasks can be scheduled (automatic) or executed ad hoc (manual) as needed.

Website policies

To facilitate compliance with the GDPR it is also possible to create, edit, review and delete website policies for their Totara website. Each policy can have one or more consent-related user acknowledgements that may or may not be mandatory to accept. When this option is enabled, users* must view and agree to all current website policies.

There is also a report that can be used to see whether someone has consented or not.


Overall, Totara can help companies and organizations ensure data privacy and facilitate compliance with privacy regulations. Through the use of access restrictions, user management, security features, consent forms, and reporting, administrators can ensure that personal data is safe and secure.