Anonymising Users (GDPR Compliance)

Overview

Anonymising a user permanently removes their personal identifiable information from Learn Amp while preserving their activity data for reporting purposes. This feature supports GDPR compliance and "right to be forgotten" requests.

Anonymisation is a one-way process that cannot be undone. Once anonymised, a user's name, email, and other personal details are replaced with anonymous identifiers.

Pre-requisites

Role Requirements

Requirements

• The user must be deactivated before they can be anonymised

• Anonymisation cannot be reversed – ensure this is the correct action before proceeding

Quick Start Guide

1. From the sidebar, click People

2. Select Individuals

3. Click the Status filter and select Deactivated

4. Find the user you want to anonymise

5. Click the three dots (⋮) next to their name

6. Select Anonymise user

7. Confirm when prompted

⚠️ Warning: This action cannot be undone. The user's personal information will be permanently removed.

What Happens When You Anonymise

Removed Permanently

• Name – Replaced with "Anonymous User [ID]"

• Email address – Replaced with an anonymised email

• Job title – Removed

• Bio – Removed

• Profile picture – Removed

• Any personal identifiers – Removed from all records

Preserved (Anonymised)

• Activity completion records (shown as "Anonymous User")

• Quiz and assessment attempts

• Survey responses (already anonymous, remain unchanged)

• Content they created (creator shown as "Anonymous User")

• Historical reports and analytics data

Anonymisation vs Deactivation vs Deletion

Automatic Anonymisation

Learn Amp can automatically anonymise users after they've been deactivated for a set period. This helps maintain GDPR compliance without manual intervention.

To enable automatic anonymisation:

1. Contact your Learn Amp account manager or support

2. Specify the number of years after deactivation when anonymisation should occur

3. The system will automatically anonymise qualifying users

💡 Tip: Common settings are 2-3 years after deactivation, but this should align with your organisation's data retention policy.

GDPR Considerations

Right to Be Forgotten

When a former employee or learner requests their data be removed under GDPR Article 17, anonymisation fulfils this requirement while preserving aggregate reporting data.

Data Subject Access Requests

Before anonymising, consider whether you need to provide the user with a copy of their data. Once anonymised, you won't be able to identify their specific records.

Audit Trail

The anonymisation action is logged in the system, recording:

• When the anonymisation occurred

• Who performed the action

• The original user ID (for audit purposes only)

FAQs

Q: Can I anonymise an active user?
No, users must be deactivated before they can be anonymised. This is a safety measure to prevent accidental data loss.

Q: Will anonymised users still appear in historical reports?
Yes, their activity data is preserved but shown as "Anonymous User [ID]" rather than their name.

Q: Can I recover an anonymised user's data?
No, anonymisation is permanent and cannot be reversed. Always ensure this is the correct action before proceeding.

Q: Does anonymisation affect content the user created?
Content they created remains in the system, but the creator is shown as "Anonymous User" instead of their name.

Q: How do I handle a GDPR deletion request?
For GDPR "right to be forgotten" requests, anonymisation is usually sufficient. If complete deletion is required, contact Learn Amp support.

Q: Can I anonymise users in bulk?
Currently, anonymisation must be done individually. For large-scale anonymisation needs, contact Learn Amp support or use automatic anonymisation settings.

Troubleshooting