Webinars forum

Hi Stephanie, I’m part of the Totara team and can help with this one, thanks for your question.

Totara’s approach aligns with GDPR best practices by allowing organisations to control the data flow via the use of their own OpenAI account, something we outline in Totara's AI approach. In ‘our AI principles’ section on this page, we outline that AI integrations within Totara only access the data and content prescribed and opted into by Totara customers, and never include Personally Identifiable Information.

However full compliance will be up to how organisations manage this integration. We would suggest reviewing OpenAI’s Enterprise Privacy Policy to ensure it meets your specific compliance needs.

Totara has integrated AI and Machine Learning (ML) technologies in several areas to enhance user experience and streamline content discovery. Each of these features are designed to be opt-in, giving customers full control over their use.

The AI Course Tag Recommendations feature which is powered by the OpenAI integration uses the OpenAI API service to suggest relevant tags for courses, enabling easier categorisation and discovery of content. This feature is powered by a third-party provider, specifically OpenAI, and involves processing data externally. The AI system analyses course titles and course descriptions to generate appropriate tag suggestions. This feature is opt-in and requires the use of the customer’s own OpenAI API account, allowing customers to decide whether they want to enable external data processing. This gives you full control of how the data is being processed too.

OpenAI has their own information on how external data processing is handled. As of writing, data processed via OpenAI’s API is not used to train or improve their models. You can read more about this on OpenAI's website here.