Legal Documents Report - Article
Summary
The Legal Documents report tracks who accepted which legal or consent version, when, and under what context. It provides audit-ready evidence for privacy, regulatory, and governance requirements across platform-wide policies and consent-based workflows.
In this article you will learn:
- How the Legal Documents report tracks acceptance of legal and consent documents
- How version history and timing support audit and compliance requirements
- How the report supports GDPR and other regulatory frameworks
- How legal acceptance data can be used in platform-wide and training-specific contexts
Purpose and Scope
The Legal Documents report provides verifiable, audit-ready insight into user acceptance of legally binding documents across the Eurekos platform. This includes mandatory documents such as Privacy Policies as well as consent-based acknowledgements collected through questionnaires.
This report is particularly relevant for organizations operating under data protection, privacy, and regulatory frameworks such as GDPR, UK GDPR, CCPA/CPRA, HIPAA, ISO 27001, ISO 27701, SOC 2, and industry-specific compliance regimes in healthcare, finance, energy, and regulated professional services.
In these environments, it is not enough to simply publish legal or regulatory content—organizations must be able to demonstrate acceptance, track version history, and prove timing relative to user access, enrollment, and participation. The Legal Documents report is designed to meet these requirements with precision, traceability, and long-term auditability.
The Legal Documents report answers questions such as:
- Which users accepted which version of our privacy policy?
- Did acceptance occur before data processing or participation?
- Can we prove compliance during a specific audit window?
In training and certification workflows, it supports scenarios like:
- Capturing consent for industry-specific policies (e.g. healthcare, finance, safety)
- Proving regulatory acknowledgements tied to course enrollment
- Demonstrating that required declarations were accepted before participation—across regions and organizations
What Legal Documents Are Covered
The report supports two distinct but complementary document types:
1. Privacy Policy
Tracks acceptance of the platform’s privacy policy over time, including:
- Version control
- User identity
- Date of acceptance
This is typically tied to user registration and re-acceptance workflows when material changes are introduced.
2. Questionnaires with Consent Question Type
Tracks acceptance of consent statements embedded in questionnaires, often used for:
- Training-specific regulatory acknowledgements
- Industry or role-specific compliance statements
- Program-level or regional legal requirements
This allows organizations to collect consent contextually—at enrollment, before participation, or as part of a defined learning flow.
Report Output and Structure
| Report Type | Included Data | Structure & Notes |
|---|---|---|
| Privacy Policy Report |
| If no specific policy version is selected, the report includes all accepted versions within the selected reporting period. This supports full historical traceability across policy updates |
| Consent Questionnaire Report |
| The structure adapts based on selection:
|
For audit and regulatory purposes, historical acceptance records are retained and remain accessible even after documents are updated or replaced, ensuring long-term traceability and evidence continuity.
Important behavior:
- Anonymous responses are included where applicable
- If respondent details are anonymized, names appear as Anonymous and emails are blank
- Column headers and consent answers are exported in the user’s language
- Timestamps respect the user’s configured timezone
Permissions, Data Access, and Organization Layer
The Legal Documents Report is governed by role-based permissions and the organization layer. Users can only see data they are authorized to access based on their role, organizational affiliation, and scope of responsibility.
In practice:
- Data visibility is limited to permitted organizations, activities, and entities
- Parent organizations can see aggregated sub-organization data; sub-organizations cannot see upward or sideways
- Blocked users remain visible for historical accuracy; deleted users are excluded for privacy compliance; Cancelled and expired enrollments remain visible for audit and traceability
- The same rules apply consistently to both on-screen analytics and exported reports
This ensures secure, consistent, and audit-ready access to data across the platform.
Deviation: Privacy-focused reports may exclude deleted users entirely and include anonymized responses where applicable.
Example Scenario: GDPR Consent in a Multi-Country Training Program
A European organization delivers a regulated training program across 17 EU member states. Participation requires sharing learner data—such as enrollment, progress, and certification status—with national managing offices in each country.
Before users can enroll, they must accept:
- The platform Privacy Policy
- A program-specific consent covering cross-border data sharing
Over time, these documents are updated as regulations change, requiring re-acceptance from users.
Using the Legal Documents report, administrators can quickly demonstrate:
- Who accepted which version of each legal document
- When acceptance occurred, relative to enrollment and data access
- That consent was collected before data processing or sharing
- Compliance status per country, organization, or audit period
This allows the organization to prove GDPR-compliant consent (including Article 7 requirements) across multiple jurisdictions—without manual tracking, screenshots, or fragmented evidence—while remaining continuously audit-ready.