https://docs.moodle.org/310/en/api.php?action=feedcontributions&feedformat=atom&user=Sander%40moodle.comMoodleDocs - User contributions [en]2026-04-20T20:42:10ZUser contributionsMediaWiki 1.43.5https://docs.moodle.org/310/en/index.php?title=VPAT&diff=140664VPAT2021-11-12T06:46:39Z<p>Sander@moodle.com: /* Notes */</p>
<hr />
<div>=Moodle accessibility conformance report=<br />
WCAG Edition<br />
<br />
(Based on VPAT® Version 2.4)<br />
{| class="wikitable"<br />
|<small>'''Name of product/version'''</small><br />
|<small>'''Moodle 3.10'''</small><br />
|-<br />
|<small>'''Report date'''</small><br />
|<small>August 2021</small><br />
|-<br />
|<small>'''Product description'''</small><br />
|<small>The world's most customisable and trusted open-source learning management system</small><br />
|-<br />
|<small>'''Contact information'''</small><br />
|<small>support@moodle.com</small><br />
|}<br />
==Notes==<br />
This accessibility conformance report is based on an audit of Moodle version 3.10. The audit was completed by Web Key IT in January 2020, and in November 2020, this version received WCAG 2.1 Level AA accreditation from the company.<br />
===Revision history===<br />
{| class="wikitable"<br />
|<small>'''Revision'''</small><br />
|<small>'''Date'''</small><br />
|<small>'''Remarks'''</small><br />
|-<br />
|<small>3.10-v0.1</small><br />
|<small>2021-07-31</small><br />
|<small>Initial issue</small><br />
|-<br />
|<small>3.10-v0.2</small><br />
|<small>2021-09-07</small><br />
|<small>Added notes to clarify that this conformance report is based on the accessibility audit for Moodle 3.10.</small><br />
|}<br />
==Evaluation methods used==<br />
This conformance report is based on the results of an accessibility audit conducted by Web Key IT on a sample of 20 key pages. These pages were selected by Web Key IT and agreed on by Moodle as representative of the overall accessibility and functionality of the Moodle learning management system (LMS).<br />
<br />
The evaluation was completed following the [http://www.w3.org/TR/WCAG-EM/ WCAG Evaluation Methodology (WCAG-EM)].<br />
<br />
The pages were audited manually and cross-checked using a team of website evaluators to ensure that the results and comments presented are valid and comprehensive. Separate and external testing of these pages has been conducted by a group of trained testers, all with disabilities.<br />
<br />
The following tools and applications were used as part of the audit:<br />
*Desktop browsers<br />
**Google Chrome<br />
**Internet Explorer 11<br />
**Firefox<br />
*Screen reader<br />
**JAWS<br />
**NVDA<br />
*Other tools<br />
**NU HTML Validator<br />
==Applicable standards and guidelines==<br />
This report covers the degree of conformance for the following accessibility standards/guidelines:<br />
{| class="wikitable"<br />
|'''Standard/Guideline'''<br />
|'''Included In Report'''<br />
|-<br />
|[http://www.w3.org/TR/2008/REC-WCAG20-20081211 Web Content Accessibility Guidelines 2.0]<br />
|Level A (Yes )<br />
Level AA (Yes)<br />
<br />
Level AAA (Yes)<br />
|-<br />
|[https://www.w3.org/TR/WCAG21 Web Content Accessibility Guidelines 2.1]<br />
|Level A (Yes)<br />
Level AA (Yes)<br />
<br />
Level AAA (Yes)<br />
|}<br />
==Terms==<br />
The terms used in the Conformance Level information are defined as follows:<br />
*'''Supports''': The functionality of the product has at least one method that meets the criterion without known defects or meets with equivalent facilitation.<br />
*'''Partially Supports''': Some functionality of the product does not meet the criterion.<br />
*'''Does Not Support''': The majority of product functionality does not meet the criterion.<br />
*'''Not Applicable''': The criterion is not relevant to the product.<br />
*'''Not Evaluated''': The product has not been evaluated against the criterion. This can be used only in WCAG 2.0 Level AAA.<br />
==WCAG 2.1 report==<br />
===Table 1: Success criteria, Level A===<br />
Notes:<br />
{| class="wikitable"<br />
| colspan="2" |'''Criteria'''<br />
| colspan="2" |'''Conformance Level'''<br />
| colspan="2" |'''Remarks and Explanations'''<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#text-equiv-all 1.1.1 Non-text Content]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-av-only-alt 1.2.1 Audio-only and Video-only (Prerecorded)]<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle does not natively have audio and video content but it provides options for content creators to upload video/audio content with captions and subtitles.<br />
Video/audio transcripts can also be provided by content creators.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-captions 1.2.2 Captions (Prerecorded)]<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle provides options for content creators to attach captions to uploaded audio and video content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-audio-desc 1.2.3 Audio Description or Media Alternative (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Content creators can upload audio and video content with audio descriptions or media alternatives.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#content-structure-separation-programmatic 1.3.1 Info and Relationships]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#content-structure-separation-sequence 1.3.2 Meaningful Sequence]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#content-structure-separation-understanding 1.3.3 Sensory Characteristics] <br />
| colspan="2" |Partially supports<br />
| colspan="2" |Moodle does not solely rely on sensory characteristics.<br />
However, it has question types that require users to drag and drop answers to questions in a quiz.<br />
<br />
A disclaimer is provided to warn quiz creators that drag and drop question types are not accessible for visually impaired users.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-without-color 1.4.1 Use of Color]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-dis-audio 1.4.2 Audio Control]<br />
| colspan="2" |Supports<br />
| colspan="2" |User-uploaded audio and video content are set not auto-play by default although content creators have the option to enable or disable automatic playback of audio and video content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#keyboard-operation-keyboard-operable 2.1.1 Keyboard]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#keyboard-operation-trapping 2.1.2 No Keyboard Trap]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#character-key-shortcuts 2.1.4 Character Key Shortcuts] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle's rich text editor supports keyboard shortcuts. These shortcuts are only active when the user is in the editing area.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-required-behaviors 2.2.1 Timing Adjustable]<br />
| colspan="2" |Supports<br />
| colspan="2" |When a user's session is about to expire, a warning dialogue is being displayed to the user which allows them to extend their session.<br />
There's no limit as to how many times they can extend their session.<br />
<br />
By default, the warning dialogue will be displayed 20 minutes before the session expires.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-pause 2.2.2 Pause, Stop, Hide]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |This has not been evaluated because Moodle does not natively contain moving, blinking, and scrolling content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#seizure-does-not-violate 2.3.1 Three Flashes or Below Threshold]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-skip 2.4.1 Bypass Blocks]<br />
| colspan="2" |Supports<br />
| colspan="2" |Skip links are supported in all main browsers, with the exception of Internet Explorer.<br />
With Microsoft ending its support for Internet Explorer, Moodle has ceased support for this browser from Moodle 3.10 onwards.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-title 2.4.2 Page Titled]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-focus-order 2.4.3 Focus Order]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-refs 2.4.4 Link Purpose (In Context)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#pointer-gestures 2.5.1 Pointer Gestures] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#pointer-cancellation 2.5.2 Pointer Cancellation] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |Pointer cancellation is supported in all main browsers with the exception of Internet Explorer.<br />
With Microsoft ending its support for Internet Explorer, Moodle has ceased support for this browser from Moodle 3.10 onwards.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#label-in-name 2.5.3 Label in Name] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#motion-actuation 2.5.4 Motion Actuation] (2.1 only)<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not have built-in features that offer functionalities that are operated by device or user motion.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-doc-lang-id 3.1.1 Language of Page]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-receive-focus 3.2.1 On Focus]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-unpredictable-change 3.2.2 On Input]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-identified 3.3.1 Error Identification]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-cues 3.3.2 Labels or Instructions]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#ensure-compat-parses 4.1.1 Parsing]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#ensure-compat-rsv 4.1.2 Name, Role, Value]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|}<br />
===Table 2: Success criteria, Level AA===<br />
Notes:<br />
{| class="wikitable"<br />
| colspan="2" |'''Criteria'''<br />
| colspan="2" |'''Conformance Level'''<br />
| colspan="2" |'''Remarks and Explanations'''<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-real-time-captions 1.2.4 Captions (Live)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not contain synchronised media with live audio content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-audio-desc-only 1.2.5 Audio Description (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can upload audio and video content with audio descriptions or media alternatives to these content.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#orientation 1.3.4 Orientation] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#identify-input-purpose 1.3.5 Identify Input Purpose] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-contrast 1.4.3 Contrast (Minimum)]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Moodle does not rely solely on colour to convey visual information.<br />
Though there are some known colour contrast issues:<br />
<br />
- Dimmed text in tables with striped rows have insufficient contrast against rows with a grey background.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-scale 1.4.4 Resize text]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-text-presentation 1.4.5 Images of Text]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#reflow 1.4.10 Reflow] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |Reflow is supported in all main browsers with the exception of Internet Explorer.<br />
With Microsoft ending its support for Internet Explorer, Moodle has ceased support for this browser from Moodle 3.10 onwards.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#non-text-contrast 1.4.11 Non-text Contrast] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#text-spacing 1.4.12 Text Spacing] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#content-on-hover-or-focus 1.4.13 Content on Hover or Focus] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-mult-loc 2.4.5 Multiple Ways]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-descriptive 2.4.6 Headings and Labels]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-focus-visible 2.4.7 Focus Visible]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-other-lang-id 3.1.2 Language of Parts]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-consistent-locations 3.2.3 Consistent Navigation]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-consistent-functionality 3.2.4 Consistent Identification]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-suggestions 3.3.3 Error Suggestion]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[[3.3.4 Error Prevention (Legal, Financial, Data)]]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#status-messages 4.1.3 Status Messages] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|}<br />
===Table 3: Success criteria, Level AAA===<br />
Notes:<br />
{| class="wikitable"<br />
| colspan="2" |'''Criteria'''<br />
| colspan="2" |'''Conformance Level'''<br />
| colspan="2" |'''Remarks and Explanations'''<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-sign 1.2.6 Sign Language (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can upload prerecorded video content with sign language.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-extended-ad 1.2.7 Extended Audio Description (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can upload prerecorded multimedia content with extended audio descriptions.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-text-doc 1.2.8 Media Alternative (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can provide media alternatives for their prerecorded multimedia content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-live-audio-only 1.2.9 Audio-only (Live)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#identify-purpose 1.3.6 Identify Purpose (2.1 only)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast7 1.4.6 Contrast (Enhanced)] <br />
| colspan="2" |Partially supports<br />
| colspan="2" |Text colours in Moodle usually have a contrast ratio greater than 7:1 against their background.<br />
There are some texts with colours that meet the minimum contrast ratio of 4.5:1 for WCAG 2.1 Level AA but do not meet the enhanced colour contrast requirement of 7:1 for WCAG 2.1 Level AAA.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-noaudio 1.4.7 Low or No Background Audio]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-visual-presentation 1.4.8 Visual Presentation]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-text-images 1.4.9 Images of Text (No Exception)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#keyboard-operation-all-funcs 2.1.3 Keyboard (No Exception)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-no-exceptions 2.2.3 No Timing]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-postponed 2.2.4 Interruptions]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-server-timeout 2.2.5 Re-authenticating]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#timeouts 2.2.6 Timeouts (2.1 only)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#seizure-three-times 2.3.2 Three Flashes]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#animation-from-interactions 2.3.3 Animation from Interactions (2.1 only)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-location 2.4.8 Location]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-link 2.4.9 Link Purpose (Link Only)]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Most links are uniquely identifiable by the link text only. However, some known areas where the link purpose cannot be determined by the link text only are:<br />
*Edit, delete, reply links in a list of posts within a forum discussion<br />
*The letter links for filtering a list of users by first name or surname do not make sense out of context.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-headings 2.4.10 Section Headings]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#target-size 2.5.5 Target Size (2.1 only)]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Button icons do not have the recommended target size of at least 44 x 44 pixels.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#concurrent-input-mechanisms 2.5.6 Concurrent Input Mechanisms (2.1 only)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-idioms 3.1.3 Unusual Words]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-located 3.1.4 Abbreviations]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Abbreviations in Moodle's language strings such as KB, MB, PDF, Doc, etc., are not enclosed in <nowiki><abbr> tags nor auto-linked to a dictionary definition. </nowiki><br />
However, there is a mechanism that can enable auto-linking of user-generated content to a glossary.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-supplements 3.1.5 Reading Level]<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle's language strings in its user interface are aimed to be descriptive and concise.<br />
It also has several language packs that can be downloaded and installed for sites that have children as the primary users.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-pronunciation 3.1.6 Pronunciation]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-no-extreme-changes-context 3.2.5 Change on Request]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-context-help 3.3.5 Help]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Context-sensitive help is provided for input elements in forms where the label may not be sufficient to explain the purpose of the input element.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-reversible-all 3.3.6 Error Prevention (All)]<br />
| colspan="2" |Supports<br />
| colspan="2" |Form validation mechanisms are provided to allow users to correct their inputs when completing a form.<br />
Confirmation dialogues or pages are also present to prevent users from accidentally performing an irreversible action (e.g. data deletion, etc.).<br />
|}<br />
==Legal disclaimer==<br />
The information herein is provided in good faith based on Moodle 3.10 at the time of the accessibility audit and does not represent a legally binding claim. Please [https://moodle.com/contact/ contact Moodle Pty Ltd] to report any accessibility errors or conformance claim errors for re-evaluation and correction, if necessary.</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=VPAT&diff=140598VPAT2021-09-08T02:43:34Z<p>Sander@moodle.com: /* Revision history */</p>
<hr />
<div><br />
=Moodle accessibility conformance report=<br />
WCAG Edition<br />
<br />
(Based on VPAT® Version 2.4)<br />
{| class="wikitable"<br />
|<small>'''Name of product/version'''</small><br />
|<small>'''Moodle 3.10'''</small><br />
|-<br />
|<small>'''Report date'''</small><br />
|<small>August 2021</small><br />
|-<br />
|<small>'''Product description'''</small><br />
|<small>The world’s most customisable and trusted open-source learning management system</small><br />
|-<br />
|<small>'''Contact information'''</small><br />
|<small>support@moodle.com</small><br />
|}<br />
==Notes==<br />
This accessibility conformance report is based on an audit of Moodle version 3.10. The audit was completed by Web Key IT in January 2020, and in November 2020, this version received WCAG 2.1 Level AA accreditation from the company.<br />
<br />
An audit of Moodle version 3.11 is currently in progress. An accessibility conformance report for Moodle 3.11 will be published soon.<br />
===Revision history===<br />
{| class="wikitable"<br />
|<small>'''Revision'''</small><br />
|<small>'''Date'''</small><br />
|<small>'''Remarks'''</small><br />
|-<br />
|<small>3.10-v0.1</small><br />
|<small>2021-07-31</small><br />
|<small>Initial issue</small><br />
|-<br />
|<small>3.10-v0.2</small><br />
|<small>2021-09-07</small><br />
|<small>Added notes to clarify that this conformance report is based on the accessibility audit for Moodle 3.10.</small><br />
|}<br />
==Evaluation methods used==<br />
This conformance report is based on the results of an accessibility audit conducted by Web Key IT on a sample of 20 key pages. These pages were selected by Web Key IT and agreed on by Moodle as representative of the overall accessibility and functionality of the Moodle learning management system (LMS).<br />
<br />
The evaluation was completed following the [http://www.w3.org/TR/WCAG-EM/ WCAG Evaluation Methodology (WCAG-EM)].<br />
<br />
The pages were audited manually and cross-checked using a team of website evaluators to ensure that the results and comments presented are valid and comprehensive. Separate and external testing of these pages has been conducted by a group of trained testers, all with disabilities.<br />
<br />
The following tools and applications were used as part of the audit:<br />
*Desktop browsers<br />
**Google Chrome<br />
**Internet Explorer 11<br />
**Firefox<br />
*Screen reader<br />
**JAWS<br />
**NVDA<br />
*Other tools<br />
**NU HTML Validator<br />
==Applicable standards and guidelines==<br />
This report covers the degree of conformance for the following accessibility standards/guidelines:<br />
{| class="wikitable"<br />
|'''Standard/Guideline'''<br />
|'''Included In Report'''<br />
|-<br />
|[http://www.w3.org/TR/2008/REC-WCAG20-20081211 Web Content Accessibility Guidelines 2.0]<br />
|Level A (Yes )<br />
Level AA (Yes)<br />
<br />
Level AAA (Yes)<br />
|-<br />
|[https://www.w3.org/TR/WCAG21 Web Content Accessibility Guidelines 2.1]<br />
|Level A (Yes)<br />
Level AA (Yes)<br />
<br />
Level AAA (Yes)<br />
|}<br />
==Terms==<br />
The terms used in the Conformance Level information are defined as follows:<br />
*'''Supports''': The functionality of the product has at least one method that meets the criterion without known defects or meets with equivalent facilitation.<br />
*'''Partially Supports''': Some functionality of the product does not meet the criterion.<br />
*'''Does Not Support''': The majority of product functionality does not meet the criterion.<br />
*'''Not Applicable''': The criterion is not relevant to the product.<br />
*'''Not Evaluated''': The product has not been evaluated against the criterion. This can be used only in WCAG 2.0 Level AAA.<br />
==WCAG 2.1 report==<br />
===Table 1: Success criteria, Level A===<br />
Notes:<br />
{| class="wikitable"<br />
| colspan="2" |'''Criteria'''<br />
| colspan="2" |'''Conformance Level'''<br />
| colspan="2" |'''Remarks and Explanations'''<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#text-equiv-all 1.1.1 Non-text Content]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-av-only-alt 1.2.1 Audio-only and Video-only (Prerecorded)]<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle does not natively have audio and video content but it provides options for content creators to upload video/audio content with captions and subtitles.<br />
Video/audio transcripts can also be provided by content creators.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-captions 1.2.2 Captions (Prerecorded)]<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle provides options for content creators to attach captions to uploaded audio and video content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-audio-desc 1.2.3 Audio Description or Media Alternative (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Content creators can upload audio and video content with audio descriptions or media alternatives.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#content-structure-separation-programmatic 1.3.1 Info and Relationships]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#content-structure-separation-sequence 1.3.2 Meaningful Sequence]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#content-structure-separation-understanding 1.3.3 Sensory Characteristics] <br />
| colspan="2" |Partially supports<br />
| colspan="2" |Moodle does not solely rely on sensory characteristics.<br />
However, it has question types that require users to drag and drop answers to questions in a quiz.<br />
<br />
A disclaimer is provided to warn quiz creators that drag and drop question types are not accessible for visually impaired users.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-without-color 1.4.1 Use of Color]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-dis-audio 1.4.2 Audio Control]<br />
| colspan="2" |Supports<br />
| colspan="2" |User-uploaded audio and video content are set not auto-play by default although content creators have the option to enable or disable automatic playback of audio and video content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#keyboard-operation-keyboard-operable 2.1.1 Keyboard]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#keyboard-operation-trapping 2.1.2 No Keyboard Trap]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#character-key-shortcuts 2.1.4 Character Key Shortcuts] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle’s rich text editor supports keyboard shortcuts. These shortcuts are only active when the user is in the editing area.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-required-behaviors 2.2.1 Timing Adjustable]<br />
| colspan="2" |Supports<br />
| colspan="2" |When a user’s session is about to expire, a warning dialogue is being displayed to the user which allows them to extend their session.<br />
There’s no limit as to how many times they can extend their session.<br />
<br />
By default, the warning dialogue will be displayed 20 minutes before the session expires.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-pause 2.2.2 Pause, Stop, Hide]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |This has not been evaluated because Moodle does not natively contain moving, blinking, and scrolling content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#seizure-does-not-violate 2.3.1 Three Flashes or Below Threshold]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-skip 2.4.1 Bypass Blocks]<br />
| colspan="2" |Supports<br />
| colspan="2" |Skip links are supported in all main browsers, with the exception of Internet Explorer.<br />
With Microsoft ending its support for Internet Explorer, Moodle has ceased support for this browser from Moodle 3.10 onwards.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-title 2.4.2 Page Titled]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-focus-order 2.4.3 Focus Order]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-refs 2.4.4 Link Purpose (In Context)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#pointer-gestures 2.5.1 Pointer Gestures] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#pointer-cancellation 2.5.2 Pointer Cancellation] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |Pointer cancellation is supported in all main browsers with the exception of Internet Explorer.<br />
With Microsoft ending its support for Internet Explorer, Moodle has ceased support for this browser from Moodle 3.10 onwards.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#label-in-name 2.5.3 Label in Name] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#motion-actuation 2.5.4 Motion Actuation] (2.1 only)<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not have built-in features that offer functionalities that are operated by device or user motion.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-doc-lang-id 3.1.1 Language of Page]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-receive-focus 3.2.1 On Focus]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-unpredictable-change 3.2.2 On Input]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-identified 3.3.1 Error Identification]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-cues 3.3.2 Labels or Instructions]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#ensure-compat-parses 4.1.1 Parsing]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#ensure-compat-rsv 4.1.2 Name, Role, Value]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|}<br />
===Table 2: Success criteria, Level AA===<br />
Notes:<br />
{| class="wikitable"<br />
| colspan="2" |'''Criteria'''<br />
| colspan="2" |'''Conformance Level'''<br />
| colspan="2" |'''Remarks and Explanations'''<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-real-time-captions 1.2.4 Captions (Live)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not contain synchronised media with live audio content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-audio-desc-only 1.2.5 Audio Description (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can upload audio and video content with audio descriptions or media alternatives to these content.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#orientation 1.3.4 Orientation] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#identify-input-purpose 1.3.5 Identify Input Purpose] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-contrast 1.4.3 Contrast (Minimum)]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Moodle does not rely solely on colour to convey visual information.<br />
Though there are some known colour contrast issues:<br />
<br />
- Dimmed text in tables with striped rows have insufficient contrast against rows with a grey background.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-scale 1.4.4 Resize text]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-text-presentation 1.4.5 Images of Text]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#reflow 1.4.10 Reflow] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |Reflow is supported in all main browsers with the exception of Internet Explorer.<br />
With Microsoft ending its support for Internet Explorer, Moodle has ceased support for this browser from Moodle 3.10 onwards.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#non-text-contrast 1.4.11 Non-text Contrast] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#text-spacing 1.4.12 Text Spacing] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#content-on-hover-or-focus 1.4.13 Content on Hover or Focus] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-mult-loc 2.4.5 Multiple Ways]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-descriptive 2.4.6 Headings and Labels]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-focus-visible 2.4.7 Focus Visible]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-other-lang-id 3.1.2 Language of Parts]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-consistent-locations 3.2.3 Consistent Navigation]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-consistent-functionality 3.2.4 Consistent Identification]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-suggestions 3.3.3 Error Suggestion]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[[3.3.4 Error Prevention (Legal, Financial, Data)]]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#status-messages 4.1.3 Status Messages] (2.1 only)<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|}<br />
===Table 3: Success criteria, Level AAA===<br />
Notes:<br />
{| class="wikitable"<br />
| colspan="2" |'''Criteria'''<br />
| colspan="2" |'''Conformance Level'''<br />
| colspan="2" |'''Remarks and Explanations'''<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-sign 1.2.6 Sign Language (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can upload prerecorded video content with sign language.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-extended-ad 1.2.7 Extended Audio Description (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can upload prerecorded multimedia content with extended audio descriptions.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-text-doc 1.2.8 Media Alternative (Prerecorded)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |Moodle does not natively have audio and video content but content creators can provide media alternatives for their prerecorded multimedia content.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#media-equiv-live-audio-only 1.2.9 Audio-only (Live)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#identify-purpose 1.3.6 Identify Purpose (2.1 only)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast7 1.4.6 Contrast (Enhanced)] <br />
| colspan="2" |Partially supports<br />
| colspan="2" |Text colours in Moodle usually have a contrast ratio greater than 7:1 against their background.<br />
There are some texts with colours that meet the minimum contrast ratio of 4.5:1 for WCAG 2.1 Level AA but do not meet the enhanced colour contrast requirement of 7:1 for WCAG 2.1 Level AAA.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-noaudio 1.4.7 Low or No Background Audio]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-visual-presentation 1.4.8 Visual Presentation]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#visual-audio-contrast-text-images 1.4.9 Images of Text (No Exception)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#keyboard-operation-all-funcs 2.1.3 Keyboard (No Exception)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-no-exceptions 2.2.3 No Timing]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-postponed 2.2.4 Interruptions]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#time-limits-server-timeout 2.2.5 Re-authenticating]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#timeouts 2.2.6 Timeouts (2.1 only)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#seizure-three-times 2.3.2 Three Flashes]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#animation-from-interactions 2.3.3 Animation from Interactions (2.1 only)]<br />
| colspan="2" |Not applicable<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-location 2.4.8 Location]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-link 2.4.9 Link Purpose (Link Only)]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Most links are uniquely identifiable by the link text only. However, some known areas where the link purpose cannot be determined by the link text only are:<br />
*Edit, delete, reply links in a list of posts within a forum discussion<br />
*The letter links for filtering a list of users by first name or surname do not make sense out of context.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#navigation-mechanisms-headings 2.4.10 Section Headings]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#target-size 2.5.5 Target Size (2.1 only)]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Button icons do not have the recommended target size of at least 44 x 44 pixels.<br />
|-<br />
| colspan="2" |[https://www.w3.org/TR/WCAG21/#concurrent-input-mechanisms 2.5.6 Concurrent Input Mechanisms (2.1 only)]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-idioms 3.1.3 Unusual Words]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-located 3.1.4 Abbreviations]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Abbreviations in Moodle’s language strings such as KB, MB, PDF, Doc, etc., are not enclosed in <nowiki><abbr> tags nor auto-linked to a dictionary definition. </nowiki><br />
However, there is a mechanism that can enable auto-linking of user-generated content to a glossary.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-supplements 3.1.5 Reading Level]<br />
| colspan="2" |Supports<br />
| colspan="2" |Moodle’s language strings in its user interface are aimed to be descriptive and concise.<br />
It also has several language packs that can be downloaded and installed for sites that have children as the primary users.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#meaning-pronunciation 3.1.6 Pronunciation]<br />
| colspan="2" |Not evaluated<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#consistent-behavior-no-extreme-changes-context 3.2.5 Change on Request]<br />
| colspan="2" |Supports<br />
| colspan="2" |<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-context-help 3.3.5 Help]<br />
| colspan="2" |Partially supports<br />
| colspan="2" |Context-sensitive help is provided for input elements in forms where the label may not be sufficient to explain the purpose of the input element.<br />
|-<br />
| colspan="2" |[http://www.w3.org/TR/WCAG20/#minimize-error-reversible-all 3.3.6 Error Prevention (All)]<br />
| colspan="2" |Supports<br />
| colspan="2" |Form validation mechanisms are provided to allow users to correct their inputs when completing a form.<br />
Confirmation dialogues or pages are also present to prevent users from accidentally performing an irreversible action (e.g. data deletion, etc).<br />
|}<br />
==Legal disclaimer==<br />
The information herein is provided in good faith based on Moodle 3.10 at the time of the accessibility audit and does not represent a legally binding claim. Please [https://moodle.com/contact/ contact Moodle Pty Ltd] to report any accessibility errors or conformance claim errors for re-evaluation and correction, if necessary.</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR&diff=139907GDPR2021-03-26T06:29:53Z<p>Sander@moodle.com: /* GDPR plugins */</p>
<hr />
<div><div class="navtrail">[[Main page]] ► [[GDPR]]</div><br />
<div class="sideblock right" style="width: 16em;"> <br />
<div class="header">[[GDPR]]</div> <br />
<div class="content"><br />
</div><br />
* [[GDPR for administrators|GDPR for admins]]<br />
* [[Policies plugin]]<br />
* [[Data privacy plugin]]<br />
* [[GDPR FAQ]]<br />
</div><br />
<br />
== Overview ==<br />
<br />
GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)[[#References|<sup>2</sup>]] became enforceable on 25 May 2018 and replaced the data protection directive (officially Directive 95/46/EC)[[#References|<sup>3</sup>]] from 1995.<br />
<br />
<br />
{{MediaPlayer | url = https://youtu.be/bl_h4FX2WDI | desc = Overview of GDPR features}}<br />
<br />
<br />
{{MediaPlayer | url = https://youtu.be/4qBoOP7W1iQ | desc = Additional privacy settings}}<br />
<br />
===Who does it affect?===<br />
<br />
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not). It also applies if the individual or organisation themselves is located in an EU member state.<br />
<br />
===What kind of information comprises personal data in a Moodle site?===<br />
<br />
It is all information that can be associated with a natural person. Each user account and all the activity associated with that user account is classified as personal information. This also extends to associated information such as web server log files.<br />
<br />
===How is Moodle HQ assisting with GDPR compliance?===<br />
<br />
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.<br />
<br />
We developed a set of features (made available in Moodle 3.5 and through plugins and some minimal changes to core, for Moodle 3.3 and 3.4) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas: <br />
<br />
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;<br />
* Handling of subject access requests and erasure requests, and maintaining a data registry.<br />
<br />
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about the approach we took.]<br />
<br />
'''Important note:''' Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required. <br />
<br />
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.<br />
<br />
====GDPR plugins====<br />
<br />
Plugins [[Policies plugin]] and [[Data privacy plugin]] are included in standard distribution of Moodle 3.5 onwards.<br />
<br />
==Moodle & GDPR for plugin developers==<br />
<br />
If you are a plugin developer, we recommend the following actions to assist you in preparing your Moodle plugin for GDPR:<br />
<br />
* please read through our spec documentation [[:dev:GDPR for plugin developers|GDPR for plugin developers]] in the dev docs and,<br />
* join the discussion [https://moodle.org/mod/forum/discuss.php?d=352538 EU General Data Protection Regulation (GDPR) compliance.]<br />
<br />
==Moodle & GDPR for Educators & Learners==<br />
<br />
If you are an educator or a learner and would like to find out more about your rights under GDPR and how features in Moodle can assist with protecting your data privacy, we recommend you:<br />
<br />
* Check in with your system administrators for information specific to your institution or organisation; <br />
* Read more information on GDPR in the “See also” section below. <br />
<br />
==See also==<br />
<br />
* [[GDPR FAQ]]<br />
<br />
References:<br />
<br />
* [https://www.eugdpr.org/ Home Page of EU GDPR]<br />
* [http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf GDPR Regulation]<br />
* [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046 Directive 95/46/EC]<br />
* [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ Guide to the General Data Protection Regulation (GDPR)] from the UK's Information Commissioner's Office<br />
<br />
[[Category:GDPR]]<br />
<br />
[[de:DSGVO]]<br />
[[es:GDPR]]<br />
[[fr:RGPD]]<br />
[[it:GDPR]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=External_tool_FAQ&diff=139091External tool FAQ2020-11-30T01:19:34Z<p>Sander@moodle.com: /* What version of LTI is supported by the external tool? */</p>
<hr />
<div>{{External tool}}<br />
==What is the External tool?==<br />
<br />
The external tool is an activity module supporting LTI (Learning Tools Interoperability). It is similar to SCORM as a standard for educational objects, but instead of being a package of content that is uploaded to Moodle, LTI is a way of integrating the functionality provided by another system into your course.<br />
<br />
==How can I get my external tool activity to display on the Dashboard in the Course overview block?==<br />
<br />
Set an 'Expect completed by' date in the [[Activity completion]] section in the External tool settings.<br />
<br />
==What version of LTI is supported by the external tool?==<br />
===LTI 1.3 Advantage===<br />
'''Moodle 3.7''' added support for LTI 1.3 Advantage as a tool consumer, and the following releases have seen further improvements.<br /><br />
'''Moodle 3.10''' adds support for copying courses with history, selecting multiple content items at once, and dynamic registration.<br /><br />
Adding LTI 1.3 Advantage tool provider support is on the roadmap for next releases.<br />
===LTI 1.1 Advantage===<br />
Moodle also supports LTI 1.1 as tool provider and consumer.<br />
<br />
==See also==<br />
<br />
*[http://webmaster.dearbornschools.org/2012/10/25/wordpress-and-moodle-lti-stepsheet-and-tutorial-for-setup/ Wordpress and LTI tutorial] by Chris Kenniburg<br />
*[http://www.youtube.com/watch?v=Hqezqc3ukhM&feature=youtu.be&a IMS LTI demo] by Gavin Henrick<br />
* [http://www.somerandomthoughts.com/blog/2011/11/28/moodle-2-supports-connecting-to-ims-lti-tools/ Moodle 2.2 will support connecting to IMS LTI tools] blog post by Gavin Henrick<br />
*[http://vimeo.com/8073453 Video explaining LTI (Learning Tools Interoperability)] from Charles Severance<br />
<br />
Forum discussions<br />
* [https://moodle.org/mod/forum/discuss.php?d=261527 Adding LTI 2.0 support]<br />
* [https://moodle.org/mod/forum/discuss.php?d=345003 Moodle Cloud https won't connect with an LTI with http location]<br />
<br />
==Any further questions?==<br />
<br />
Please post in the [http://moodle.org/mod/forum/view.php?id=7978 LTI and Moodle forum] on moodle.org<br />
<br />
[[Category:FAQ]]<br />
<br />
[[es:Herramienta externa FAQ]]<br />
[[de:Externes Tool FAQ]]<br />
[[fr:FAQ sur l'outil externe]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=Data_privacy&diff=131071Data privacy2018-05-18T03:02:11Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}<br />
{{New features}}The Data privacy plugin provides the workflow for users to submit subject access requests and for the site administrator or Data Protection Officer (DPO) to process these requests.<br />
<br />
The Data Privacy plugin forms part of Moodle’s privacy feature set to assist sites to become GDPR compliant. It is included as standard in Moodle 3.5 onwards and available as a separately [https://moodle.org/plugins/tool_dataprivacy downloadable plugin] for Moodle 3.3.6 and 3.4.3.<br />
<br />
<br />
==Data Protection Officer role==<br />
<br />
After installing the data privacy plugin, the first thing to do is to create a [[Data Protection Officer role]] and assign it.<br />
<br />
(If there is nobody on the site with the role of Data Protection Officer i.e. nobody with the capability to manage data requests, then a site admin can respond to data requests and manage the data registry.)<br />
<br />
==Data requests==<br />
[[File:requesting data.png|thumb|Requesting data]]<br />
Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page. <br />
<br />
In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows:<br />
<br />
# Go to your profile page (via the user menu).<br />
# Click the link 'Data requests' then click the 'New request' button.<br />
# Select 'Export all of my personal data' or 'Delete all of my personal data' as appropriate.<br />
# Save changes.<br />
[[File:Request approved.png|thumb|Request approved]]<br />
The DPO will then receive a data request notification.<br />
<br />
If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page.<br />
<br />
If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.<br />
<br />
==Responding to data requests==<br />
[[File:viewing a data request.png|thumb|Viewing a data request]]<br />
The DPO can respond to data requests as follows:<br />
<br />
# Go to 'Data requests' in the Site administration (or follow the link in the data request notification).<br />
# In the Actions dropdown, select View, Approve, or Deny as appropriate.<br />
<br />
==Data registry==<br />
[[File:data registry.png|thumb|Data registry]]<br />
The DPO can set purposes (why the organisation is processing data) with retention periods and categories for data stored in Moodle in the data registry. <br />
<br />
A default purpose and retention period may be set for course categories, courses, activity modules and blocks.<br />
<br />
===Example categories===<br />
<br />
* Administrative: Civil status, identity, identification data, images …<br />
* Personal life (lifestyle, family situation, etc.)<br />
* Economic and financial information (income, financial situation, tax situation, etc.)<br />
* Connection data (IP address, logs, etc.)<br />
* Educational Data (Assessed Coursework, exam scripts etc)<br />
* Records of Education Attainment (Results of exams, assessments, qualifications awarded etc)<br />
* Location data (travel, GPS data, GSM, etc.)<br />
<br />
===Data registry set-up===<br />
<br />
To add purposes and categories:<br />
<br />
# Go to 'Data registry' in the Site administration.<br />
# In the Edit menu select Categories.<br />
# On the 'Edit categories' page, click the + button to add a new category.<br />
# Enter a category name and description then click the Save button.<br />
# Go to 'Data registry' again and in the Edit menu select Purposes.<br />
# On the 'Edit purposes' page, click the + button to add a new purpose.<br />
# Enter a purpose name, description and retention period then click the Save button.<br />
<br />
To set default categories and purposes:<br />
<br />
# In 'Data registry' in the Site administration click the 'Set defaults' button.<br />
# Select a default category and purpose for the site, and for users, course categories, courses, activity modules and blocks as required.<br />
# Save changes.<br />
<br />
==Capabilities==<br />
<br />
* [[Capabilities/tool/dataprivacy:managedataregistry|Manage data registry]]<br />
* [[Capabilities/tool/dataprivacy:managedatarequests|Manage data requests]]<br />
* [[Capabilities/tool/dataprivacy:makedatarequestsforchildren|Make data requests for children]]<br />
<br />
[[Category: Privacy]]<br />
<br />
[[es:Plugin de privacidad de datos]]<br />
[[de:Schutz persönlicher Daten]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=Data_privacy&diff=131070Data privacy2018-05-18T03:01:53Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}<br />
{{New features}}The Data privacy plugin provides the workflow for users to submit subject access requests and for the site administrator or Data Protection Officer (DPO) to process these requests.<br />
<br />
The Data Privacy plugin forms part of Moodle’s privacy feature set to assist sites to become GDPR compliant. It is included as standard in Moodle 3.5 onwards and available as a separately [https://moodle.org/plugins/tool_dataprivacy downloadable plugin] for Moodle 3.3.6 and 3.4.3..<br />
<br />
<br />
==Data Protection Officer role==<br />
<br />
After installing the data privacy plugin, the first thing to do is to create a [[Data Protection Officer role]] and assign it.<br />
<br />
(If there is nobody on the site with the role of Data Protection Officer i.e. nobody with the capability to manage data requests, then a site admin can respond to data requests and manage the data registry.)<br />
<br />
==Data requests==<br />
[[File:requesting data.png|thumb|Requesting data]]<br />
Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page. <br />
<br />
In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows:<br />
<br />
# Go to your profile page (via the user menu).<br />
# Click the link 'Data requests' then click the 'New request' button.<br />
# Select 'Export all of my personal data' or 'Delete all of my personal data' as appropriate.<br />
# Save changes.<br />
[[File:Request approved.png|thumb|Request approved]]<br />
The DPO will then receive a data request notification.<br />
<br />
If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page.<br />
<br />
If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.<br />
<br />
==Responding to data requests==<br />
[[File:viewing a data request.png|thumb|Viewing a data request]]<br />
The DPO can respond to data requests as follows:<br />
<br />
# Go to 'Data requests' in the Site administration (or follow the link in the data request notification).<br />
# In the Actions dropdown, select View, Approve, or Deny as appropriate.<br />
<br />
==Data registry==<br />
[[File:data registry.png|thumb|Data registry]]<br />
The DPO can set purposes (why the organisation is processing data) with retention periods and categories for data stored in Moodle in the data registry. <br />
<br />
A default purpose and retention period may be set for course categories, courses, activity modules and blocks.<br />
<br />
===Example categories===<br />
<br />
* Administrative: Civil status, identity, identification data, images …<br />
* Personal life (lifestyle, family situation, etc.)<br />
* Economic and financial information (income, financial situation, tax situation, etc.)<br />
* Connection data (IP address, logs, etc.)<br />
* Educational Data (Assessed Coursework, exam scripts etc)<br />
* Records of Education Attainment (Results of exams, assessments, qualifications awarded etc)<br />
* Location data (travel, GPS data, GSM, etc.)<br />
<br />
===Data registry set-up===<br />
<br />
To add purposes and categories:<br />
<br />
# Go to 'Data registry' in the Site administration.<br />
# In the Edit menu select Categories.<br />
# On the 'Edit categories' page, click the + button to add a new category.<br />
# Enter a category name and description then click the Save button.<br />
# Go to 'Data registry' again and in the Edit menu select Purposes.<br />
# On the 'Edit purposes' page, click the + button to add a new purpose.<br />
# Enter a purpose name, description and retention period then click the Save button.<br />
<br />
To set default categories and purposes:<br />
<br />
# In 'Data registry' in the Site administration click the 'Set defaults' button.<br />
# Select a default category and purpose for the site, and for users, course categories, courses, activity modules and blocks as required.<br />
# Save changes.<br />
<br />
==Capabilities==<br />
<br />
* [[Capabilities/tool/dataprivacy:managedataregistry|Manage data registry]]<br />
* [[Capabilities/tool/dataprivacy:managedatarequests|Manage data requests]]<br />
* [[Capabilities/tool/dataprivacy:makedatarequestsforchildren|Make data requests for children]]<br />
<br />
[[Category: Privacy]]<br />
<br />
[[es:Plugin de privacidad de datos]]<br />
[[de:Schutz persönlicher Daten]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=Policies&diff=131069Policies2018-05-18T03:00:17Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}{{New features}}<br />
The Policies plugin provides a new user sign-on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.<br />
<br />
The Policies plugin forms part of Moodle’s privacy feature set assisting sites to become GDPR compliant. It is included as standard in Moodle 3.5 onwards and available as a separately [https://moodle.org/plugins/tool_policy downloadable plugin] for Moodle 3.3.6 and 3.4.3.<br />
<br />
==Enabling the policies plugin==<br />
<br />
To enable the policies plugin<br />
<br />
# Go to 'Policy settings' in the Site administration.<br />
# Set the Site policy handler to 'Policies (tool_policy)'.<br />
# Save changes.<br />
<br />
Two new pages will then appear in the Site administration - 'Manage policies' and 'User agreements'.<br />
<br />
Note that when Policies is set as the site policy handler, the settings 'Site policy' and 'Site policy for guests' are ignored.<br />
<br />
==Adding and managing policies==<br />
[[File:policies and agreements.png|thumb|Policies and agreements]]<br />
An admin or any user with the [[Capabilities/tool/policy:managedocs|Manage policies]] capability (by default manager) can access the page 'Manage policies' in the Site administration and:<br />
<br />
* Add a new site / privacy / third parties / other policy for all users, authenticated users or guests<br />
* Change the active / inactive status of each policy<br />
* View the number and percentage of users who have agreed to each policy<br />
* Edit a policy and specify whether it is a minor change (not requiring users to reconfirm their consent) or not<br />
* View the current version of each policy and also previous versions<br />
* Change the order in which policies are shown to users<br />
<br />
To add a new policy:<br />
<br />
# Go to 'Manage policies' in the Site administration.<br />
# Click the button 'New policy'<br />
# Complete the form and save changes.<br />
<br />
Note that once created, a policy can be edited, or set to inactive, but if users have agreed to it, it can't be deleted.<br />
<br />
==Giving consent to policies==<br />
[[File:Agreeing to policies.png|thumb|Giving consent to policies]]<br />
All users (with the exception of admins) will be required to give their consent to all policies defined either for “Authenticated users” or for “All users” before proceeding further on the site.<br />
<br />
If a new policy is added, all users will be required to give their consent when they next log in. Similarly, if an existing policy is edited and is not marked as a minor change, all users will be required to give their consent when they next log in.<br />
<br />
If self-registration is enabled on the site, new users will be required to give their consent to all policies before proceeding to the sign-up form. If digital age of consent verification (a new setting in Moodle 3.4.2 onwards) is enabled in '[[Privacy|Privacy settings]]' in the Site administration, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. If the user's age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in 'Support contact' in the Site administration).<br />
<br />
==Policies for guests==<br />
[[File:policies modal window.png|thumb|Policies for guests modal window]]<br />
If a user logs in as a [[Guest access|guest]], a modal window will be shown at the bottom of the user's browser window with links to all policies defined either for guests or for all users.<br />
<br />
==Minors==<br />
[[File:No permission to agree to policies.png|thumb|Minor prevented from proceeding further on the site]]<br />
Users who are younger than the age of digital consent, called 'minors', may be prevented from giving their consent by prohibiting the capability [[Capabilities/tool/policy:accept|Agree to policies]]. They will then be prevented from proceeding further on the site until someone can give consent on their behalf.<br />
<br />
===Sites with minors as the majority of users===<br />
<br />
To prohibit users from agreeing to policies because they are a minor:<br />
<br />
# Go to 'Define roles' in the Site administration.<br />
# Edit the role of authenticated user and set [[Capabilities/tool/policy:accept|Agree to policies]] to prohibit.<br />
# Save changes.<br />
<br />
To enable teachers and other users who are not minors to agree to policies:<br />
<br />
# Go to 'Define roles' in the Site administration.<br />
# Click the button 'Add a new role'.<br />
# Give the role a name such as 'Able to give consent', short name and description.<br />
# For context types where this role may be assigned, tick system.<br />
# Enter policy in the filter box, then allow the capability Agree to policies.<br />
# Click the button 'Create this role'.<br />
# Go to 'Assign system roles' in the Site administration.<br />
# Choose the 'Able to give consent' role to assign.<br />
# Select teachers and other users in the Potential users list, and use the left-facing arrow button to add them to the Existing users list. <br />
<br />
===Sites with only a few minors===<br />
<br />
To prohibit users from agreeing to policies because they are a minor:<br />
<br />
# Go to 'Define roles' in the Site administration.<br />
# Click the button 'Add a new role'.<br />
# Give the role a name such as 'Digital minor', short name and description.<br />
# For context types where this role may be assigned, tick system.<br />
# Enter policy in the filter box, then prohibit the capability Agree to policies.<br />
# Click the button 'Create this role'.<br />
# Go to 'Assign system roles' in the Site administration.<br />
# Choose the 'Digital minor' role to assign.<br />
# Select minors in the Potential users list, and use the left-facing arrow button to add them to the Existing users list.<br />
<br />
==User agreements==<br />
[[File:user agreements.png|thumb|User agreements filtered to show minors]]<br />
An admin or any user with the [[Capabilities/tool/policy:viewacceptances|View user agreements reports]] capability (by default manager) can access the page 'User agreements' in the Site administration and:<br />
<br />
* View user consents <br />
* Filter by policy, permission, status or role<br />
* Give consent on behalf of minors<br />
* Download table data<br />
<br />
User agreements for a particular policy may also be viewed via the 'Manage policies' page by clicking the link in the Agreements column.<br />
<br />
==Giving consent on behalf of other users==<br />
<br />
An admin or any user with the capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] can give consent on behalf of minors or when a written consent was obtained offline.<br />
<br />
===Giving consent on behalf of multiple users===<br />
[[File:Record of consents.png|thumb|Record of consents with remarks]]<br />
Users with capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] in the system context, such as managers, can give consent on behalf of multiple users as follows:<br />
<br />
# Go to 'User agreements' in the Site administration.<br />
# If necessary, filter by 'Permission: Can not agree'.<br />
# To give consent for multiple policies, tick the box next to selected users' names then click the consent button.<br />
# To give consent for a single policy, click the red cross next to the user's name.<br />
<br />
When giving consent on behalf of other users, there is an opportunity to add some remarks. Clicking on the link in the Overall column gives an overview with details of who gave consent and when, together with any remarks.<br />
<br />
===Giving consent on behalf of a child===<br />
<br />
A parent or guardian may be allowed to give consent on behalf of their child by giving them the capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] in the user context. See the [[Parent role]] for details of how to create the role and assign a parent to a student. The parent or guardian will then be able to give consent as follows:<br />
<br />
# Go to the child's profile page.<br />
# Click the link 'Policies and agreements'. <br />
# Click the red cross next to the policy name.<br />
<br />
==Capabilities==<br />
<br />
* [[Capabilities/tool/policy:accept|Agree to policies]] - allowed for authenticated user role<br />
* [[Capabilities/tool/policy:managedocs|Manage policies]] - allowed for default role of manager only<br />
* [[Capabilities/tool/policy:viewacceptances|View user agreements reports]] - allowed for default role of manager only<br />
* [[Capabilities/tool/policy:acceptbehalf|Agree to policies on someone else's behalf]] - allowed for default role of manager only<br />
<br />
[[Category:Privacy]]<br />
<br />
[[es:Plugin de políticas]]<br />
[[de:Richtlinien und Einwilligungen]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR&diff=131067GDPR2018-05-18T02:48:54Z<p>Sander@moodle.com: </p>
<hr />
<div><div class="navtrail">[[Main page]] ► [[GDPR]]</div><br />
<div class="sideblock right" style="width: 16em;"> <br />
<div class="header">[[GDPR]]</div> <br />
<div class="content"><br />
</div><br />
* [[GDPR for administrators|GDPR for admins]]<br />
* [[Policies plugin]]<br />
* [[Data privacy plugin]]<br />
* [[GDPR FAQ]]<br />
</div><br />
<br />
== Overview ==<br />
<br />
GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)[[#ref2|2]] becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC)[[#ref3|3]] from 1995.<br />
<br />
===Who does it affect?===<br />
<br />
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not). It also applies if the individual or organisation themselves is located in an EU member state.<br />
<br />
===What kind of information comprises personal data in a Moodle site?===<br />
<br />
It is all information that can be associated with a natural person. Each user account and all the activity associated with that user account is classified as personal information. This also extends to associated information such as web server log files.<br />
<br />
===How is Moodle HQ assisting with GDPR compliance?===<br />
<br />
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.<br />
<br />
We developed a set of features (made available in Moodle 3.5 and through plugins and some minimal changes to core, for Moodle 3.3 and 3.4) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas: <br />
<br />
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;<br />
* Handling of subject access requests and erasure requests, and maintaining a data registry.<br />
<br />
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about the approach we took.]<br />
<br />
'''Important note:''' Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required. <br />
<br />
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.<br />
<br />
====GDPR plugins====<br />
<br />
Plugins [[Policies plugin]] and [[Data privacy plugin]] are included in standard distribution of Moodle 3.5 . See documentation for [https://docs.moodle.org/33/en/GDPR Moodle 3.3] or [https://docs.moodle.org/34/en/GDPR Moodle 3.4] if you use other versions<br />
<br />
==GDPR for Moodle administrators==<br />
<br />
If you are a Moodle system administrator and have a Moodle site older than the 3.3.6 or 3.4.3 version, or have a site that is not affected by GDPR but would still like to do as much as possible towards compliance, we recommend you read our [https://docs.moodle.org/310/en/GDPR_for_administrators “GDPR for Moodle Administrators”] guide. <br />
<br />
If you are on Moodle 3.3.6 or 3.4.3 version and above, please refer to our [https://docs.moodle.org/310/en/GDPR_for_administrators_(Moodle_3.4.2%2B) “GDPR for Moodle Administrators (Moodle 3.4.2+)”] guide for information on GDPR functionalities that have been released recently and continuing to develop.<br />
<br />
Moodle 3.5 includes the GDPR feature set as part of the standard distribution.<br />
<br />
==Moodle & GDPR for plugin developers==<br />
<br />
If you are a plugin developer, we recommend the following actions to assist you in preparing your Moodle plugin for GDPR:<br />
<br />
* please read through our spec documentation [[:dev:GDPR for plugin developers|GDPR for plugin developers]] in the dev docs and,<br />
* join the discussion [https://moodle.org/mod/forum/discuss.php?d=352538 EU General Data Protection Regulation (GDPR) compliance.]<br />
<br />
==Moodle & GDPR for Educators & Learners==<br />
<br />
If you are an educator or a learner and would like to find out more about your rights under GDPR and how features in Moodle can assist with protecting your data privacy, we recommend you:<br />
<br />
* Check in with your system administrators for information specific to your institution or organisation; <br />
* Read more information on GDPR in the “See also” section below. <br />
<br />
==Latest News & Updates==<br />
<br />
* [https://moodle.org/mod/forum/discuss.php?d=367522#p1482337 Data Privacy and Policy plugins to support GDPR compliance now available]<br />
<br />
==See also==<br />
<br />
* [[GDPR FAQ]]<br />
<br />
References:<br />
<br />
* [https://www.eugdpr.org/ Home Page of EU GDPR]<br />
* [http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf GDPR Regulation]<br />
* [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046 Directive 95/46/EC]<br />
* [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ Guide to the General Data Protection Regulation (GDPR)] from the UK's Information Commissioner's Office<br />
<br />
[[Category:GDPR]]<br />
<br />
[[es:GDPR]]<br />
[[fr:RGPD]]<br />
[[de:DSGVO]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR_FAQ&diff=131066GDPR FAQ2018-05-18T02:08:52Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}<br />
<br />
===What is GDPR?===<br />
<br />
GDPR stands for General Data Protection Regulation, and refers to the European Union regulation for data protection for all individuals within the European Union.<br />
<br />
The regulation (Regulation (EU) 2016/679) becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC) from 1995.<br />
<br />
===Who needs to be GDPR compliant?===<br />
<br />
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not) are affected by GDPR.<br />
GDPR rules also applies if the individual or organisation themselves is located in an EU member state.<br />
<br />
===How is Moodle HQ assisting with GDPR compliance?===<br />
<br />
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.<br />
<br />
We developed a set of features (made available in Moodle 3.5 and through plugins and some minimal changes to core, for Moodle 3.3 and 3.4) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas: <br />
<br />
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;<br />
* Handling of subject access requests and erasure requests, and maintaining a data registry.<br />
<br />
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about the approach we took.] <br />
<br />
===What can I do now to make my Moodle ready for GDPR?===<br />
Moodle 3.5 includes the GDPR feature set and has been released on 17 may 2018. The same features are also available as separately downloadable plugins for Moodle 3.4.3 and 3.3.6. There are two plugins that together comprise the GDPR features: <br />
<br />
* The [[Policies plugin]] provides a new user sign on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies;<br />
* The [[Data privacy plugin]] provides the workflow for users to submit subject access and erasure requests and for site administrators and privacy officers to process these requests. It also includes the data registry to define a purpose and retention period for the data stored in your Moodle site.<br />
<br />
Hence we recommend you upgrade to Moodle 3.5, 3.4.3 or 3.3.6 to access these features.<br />
<br />
If you are on an older Moodle site, we recommend that you read the section on site policy on the [https://docs.moodle.org/310/en/GDPR_for_administrators GDPR for Moodle administrators guide.]<br />
<br />
===Is installing the Moodle plugins enough for GDPR compliance?===<br />
<br />
Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required. <br />
<br />
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.<br />
<br />
===GDPR version support===<br />
The GDPR features will receive the same level of support as Moodle's support for security issues, including backporting fixes to security supported releases (for GDPR this is currently Moodle 3.5, 3.4 and 3.3). <br />
Refer to the [https://docs.moodle.org/dev/Releases#Version_support releases page].<br />
<br />
==See also==<br />
<br />
* [https://moodle.org/mod/forum/discuss.php?d=368190 General Data Protection Regulation (GDPR) and badges] forum discussion<br />
<br />
==Any further questions?==<br />
<br />
Please post in the [https://moodle.org/mod/forum/view.php?id=7301 Security and privacy forum] on moodle.org.<br />
<br />
[[Category:FAQ]]<br />
<br />
[[es:GDPR FAQ]]<br />
[[de:DSGVO FAQ]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR_FAQ&diff=131065GDPR FAQ2018-05-18T01:52:16Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}<br />
<br />
===What is GDPR?===<br />
<br />
GDPR stands for General Data Protection Regulation, and refers to the European Union regulation for data protection for all individuals within the European Union.<br />
<br />
The regulation (Regulation (EU) 2016/679) becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC) from 1995.<br />
<br />
===Who needs to be GDPR compliant?===<br />
<br />
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not) are affected by GDPR.<br />
GDPR rules also applies if the individual or organisation themselves is located in an EU member state.<br />
<br />
===How is Moodle HQ assisting with GDPR compliance?===<br />
<br />
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.<br />
<br />
We developed a set of features (made available in Moodle 3.5 and through plugins and some minimal changes to core, for Moodle 3.3 and 3.4) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas: <br />
<br />
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;<br />
* Handling of subject access requests and erasure requests, and maintaining a data registry.<br />
<br />
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about the approach we took.] <br />
<br />
===What can I do now to make my Moodle ready for GDPR?===<br />
Moodle 3.5 includes the GDPR feature set and has been released on 17 may 2018. The same features are also available as separately downloadable plugins for Moodle 3.4.3 and 3.3.6. There are two plugins that together comprise the GDPR features: <br />
<br />
* The [[Policies plugin]] provides a new user sign on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies;<br />
* The [[Data privacy plugin]] provides the workflow for users to submit subject access and erasure requests and for site administrators and privacy officers to process these requests. It also includes the data registry to define a purpose and retention period for the data stored in your Moodle site.<br />
<br />
Hence we recommend you upgrade to Moodle 3.5, 3.4.3 or 3.3.6 to access these features.<br />
<br />
If you are on an older Moodle site, we recommend that you read the section on site policy on the [https://docs.moodle.org/310/en/GDPR_for_administrators GDPR for Moodle administrators guide.]<br />
<br />
===Is installing the Moodle plugins enough for GDPR compliance?===<br />
<br />
Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required. <br />
<br />
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.<br />
<br />
==See also==<br />
<br />
* [https://moodle.org/mod/forum/discuss.php?d=368190 General Data Protection Regulation (GDPR) and badges] forum discussion<br />
<br />
==Any further questions?==<br />
<br />
Please post in the [https://moodle.org/mod/forum/view.php?id=7301 Security and privacy forum] on moodle.org.<br />
<br />
[[Category:FAQ]]<br />
<br />
[[es:GDPR FAQ]]<br />
[[de:DSGVO FAQ]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR&diff=131050GDPR2018-05-17T05:09:14Z<p>Sander@moodle.com: </p>
<hr />
<div><div class="navtrail">[[Main page]] ► [[GDPR]]</div><br />
<div class="sideblock right" style="width: 16em;"> <br />
<div class="header">[[GDPR]]</div> <br />
<div class="content"><br />
</div><br />
* [[GDPR for administrators|GDPR for admins]]<br />
* [[Policies plugin]]<br />
* [[Data privacy plugin]]<br />
* [[GDPR FAQ]]<br />
</div><br />
<br />
== Overview ==<br />
<br />
GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)[[#ref2|2]] becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC)[[#ref3|3]] from 1995.<br />
<br />
===Who does it affect?===<br />
<br />
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not). It also applies if the individual or organisation themselves is located in an EU member state.<br />
<br />
===What kind of information comprises personal data in a Moodle site?===<br />
<br />
It is all information that can be associated with a natural person. Each user account and all the activity associated with that user account is classified as personal information. This also extends to associated information such as web server log files.<br />
<br />
===How is Moodle HQ assisting with GDPR compliance?===<br />
<br />
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.<br />
<br />
We developed a set of features (made available in Moodle 3.5 and through plugins and some minimal changes to core, for Moodle 3.3 and 3.4) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas: <br />
<br />
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;<br />
* Handling of subject access requests and erasure requests, and maintaining a data registry.<br />
<br />
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about our plan.]<br />
<br />
'''Important note:''' Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required. <br />
<br />
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.<br />
<br />
====GDPR plugins====<br />
<br />
Plugins [[Policies plugin]] and [[Data privacy plugin]] are included in standard distribution of Moodle 3.5 . See documentation for [https://docs.moodle.org/33/en/GDPR Moodle 3.3] or [https://docs.moodle.org/34/en/GDPR Moodle 3.4] if you use other versions<br />
<br />
==GDPR for Moodle administrators==<br />
<br />
If you are a Moodle system administrator and have a Moodle site older than the 3.3.6 or 3.4.3 version, or have a site that is not affected by GDPR but would still like to do as much as possible towards compliance, we recommend you read our [https://docs.moodle.org/310/en/GDPR_for_administrators “GDPR for Moodle Administrators”] guide. <br />
<br />
If you are on Moodle 3.3.6 or 3.4.3 version and above, please refer to our [https://docs.moodle.org/310/en/GDPR_for_administrators_(Moodle_3.4.2%2B) “GDPR for Moodle Administrators (Moodle 3.4.2+)”] guide for information on GDPR functionalities that have been released recently and continuing to develop.<br />
<br />
Moodle 3.5 includes the GDPR feature set as part of the standard distribution.<br />
<br />
==Moodle & GDPR for plugin developers==<br />
<br />
If you are a plugin developer, we recommend the following actions to assist you in preparing your Moodle plugin for GDPR:<br />
<br />
* please read through our spec documentation [[:dev:GDPR for plugin developers|GDPR for plugin developers]] in the dev docs and,<br />
* join the discussion [https://moodle.org/mod/forum/discuss.php?d=352538 EU General Data Protection Regulation (GDPR) compliance.]<br />
<br />
==Moodle & GDPR for Educators & Learners==<br />
<br />
If you are an educator or a learner and would like to find out more about your rights under GDPR and how features in Moodle can assist with protecting your data privacy, we recommend you:<br />
<br />
* Check in with your system administrators for information specific to your institution or organisation; <br />
* Read more information on GDPR in the “See also” section below. <br />
<br />
==Latest News & Updates==<br />
<br />
* [https://moodle.org/mod/forum/discuss.php?d=367522#p1482337 Data Privacy and Policy plugins to support GDPR compliance now available]<br />
<br />
==See also==<br />
<br />
* [[GDPR FAQ]]<br />
<br />
References:<br />
<br />
* [https://www.eugdpr.org/ Home Page of EU GDPR]<br />
* [http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf GDPR Regulation]<br />
* [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046 Directive 95/46/EC]<br />
* [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ Guide to the General Data Protection Regulation (GDPR)] from the UK's Information Commissioner's Office<br />
<br />
[[Category:GDPR]]<br />
<br />
[[es:GDPR]]<br />
[[fr:RGPD]]<br />
[[de:DSGVO]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR_for_administrators&diff=130750GDPR for administrators2018-04-05T06:26:56Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}<br />
<br />
Disclaimer: The advice in this document is provided for informational purposes only, and not be construed as legal or professional advice. Moodle Pty Ltd does not warrant that the advice is accurate, complete, reliable, current or error-free. Please ensure to obtain your own independent legal and IT advice.<br />
<br />
== Checklist ==<br />
<br />
<ol><br />
<li> Is the Moodle site hosted in an EU member state, or is it possible that any user of the Moodle site is an individual from an EU member state?<br />
<ul><br />
<li> If you answered no to this question, you are not affected by this regulation. However, the benefits of data protection afforded by the regulation are universally applicable and you may consider voluntarily complying with this legislation for the benefit of your site users.</li><br />
</ul><br />
</li><br />
<li><br />
Do you require your site users to accept a site or privacy policy document before using your site (either in Moodle or something outside of Moodle, like a paper form)?<br />
<ul><br />
<li>If you answered no to this question, you must start doing so. Users need to be aware of their rights and the processes with which they can exercise their rights.</li><br />
<li>If you answered yes to this question you must review your policy to make sure it covers all requirements of the new regulations (see “Site policy” below). If you change your policy you must get all site users to accept the new policy before they can continue using the site.</li><br />
</ul><br />
</li><br />
<li>Is it possible that your site is used by minors? (Under 16 in most member states, but some states may reduce this as low as 13 years).<br />
<ul><br />
<li>If you answered yes to this question, you must ensure that the consent is obtained from their legal guardian. Keep in mind that collecting and processing personal information on minors may impact your risk assessment. You should take extra care to adequately secure this information, and retain it for as short a period as is necessary.</li><br />
</ul><br />
</li><br />
<li>Is it the collection or storage of personal data from your site users likely to result in a high risk to their rights and freedoms?<br />
<ul><br />
<li>Some examples that would indicate high risk are:<br />
<ul><br />
<li>a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person</li><br />
<li>processing on a large scale of special categories of data including<br />
<ul><br />
<li>Racial or ethnic origin</li><br />
<li>Political opinions</li><br />
<li>Religious or philosophical beliefs</li><br />
<li>Trade union membership</li><br />
<li>Genetic data</li><br />
<li>Biometric data</li><br />
<li>Data concerning health</li><br />
<li>Sexual orientation</li><br />
<li>Data concerning a natural person’s sex life</li><br />
<li>Criminal convictions</li><br />
</ul><br />
</li><br />
<li>This is not an exhaustive list and if you are unsure if you should consider the data collected from your users as “High risk” you should refer to the legislation and seek professional advice.</li><br />
</ul><br />
</li><br />
<li>If the answer is “Yes”, you should perform a Data Protection Impact Assessment. Refer to the legislation and seek professional advice.</li><br />
</ul><br />
</li><br />
<li>Do you use any of the collected personal information for the purposes of marketing?<br />
<ul><br />
<li>If you answered yes to this question - you must obtain a separate consent from each user to use this data for this purpose. Consent to use the data for marketing must be separately withdrawable by the user.</li><br />
</ul><br />
</li><br />
<li>Do you use any of the collected personal information for the purposes of research?<br />
<ul><br />
<li>If you answered yes to this question, you must either obtain a specific consent from each user to use the data for this purpose, or completely anonymise the data before using it for research. <br /><br />[https://github.com/moodlehq/moodle-local_anonymise https://github.com/moodlehq/moodle-local_anonymise] is an example of a tool designed to anonymise all the data on a moodle site.</li><br />
</ul><br />
</li><br />
<li>Do you share any of the collected data with any third parties? This includes sites and services that integrate with Moodle such as: Google analytics, LTI, Repositories (Google Docs, OneDrive etc), Authentication systems etc. This also includes sites and services used in the provision of your own Moodle site such as hosting providers.<br />
<ul><br />
<li>If you answered yes to this question then you are responsible for all data that is shared with a third party. You must obtain the user’s consent to share this data with each third party. If the list of third party services changes you must re-obtain consent from all site users for each new third party site/service. You should also take reasonable steps to ensure that each third party will adequately protect users personal data including:<br />
<ul><br />
<li>Reviewing the third party privacy policy to make sure it is congruent with your own</li><br />
<li>Monitoring and notifying your site users about changes to the third party privacy policy</li><br />
<li>Identify the mechanism for processing requests to erase or correct personal data with each third party so that you can follow this process when you receive one of these requests for your own site</li><br />
<li>Identify and list the data protection officer, and privacy policy for each third party site as part of your own privacy policy</li><br />
</ul><br />
</li><br />
<li>Google analytics for example has not yet provided clear updated instructions on how to comply with the new GDPR when using their service. It is probable that they will issue guidance on how to use Google Analytics in compliance with the GDPR before it becomes enforceable, but this example demonstrates that it is your responsibility to ensure the protection of privacy of the users of your site and it is not legal to use cloud services without considering the privacy implications of each and every service provider.</li><br />
</ul><br />
</li><br />
<li>Do you follow best practice policies and procedures to ensure data security?<br />
<ul><br />
<li>If you answered no to this question then you have must review your policies and procedures to ensure you are not placing your sites users personal data at risk.<br />
<ul><br />
<li>“Best practices” includes but is not limited to organisational and technical measures to ensure a level of security appropriate to the risk such that:<br />
<ul><br />
<li>pseudonymisation and encryption of personal data</li><br />
<li>the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services</li><br />
<li>the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident</li><br />
<li>a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing</li><br />
</ul><br />
</li><br />
<li>Examples:<br />
<ul><br />
<li>Appropriate use of encryption (https)</li><br />
<li>Maintaining all systems and software with relevant security updates.</li><br />
<li>Deletion of personal data as soon as possible, once it is no longer required for the purpose it was collected.</li><br />
</ul><br />
</li><br />
</ul><br />
</li><br />
</ul><br />
</li><br />
<li>Do you have defined policies and procedures for disclosing data breaches?<br />
<ul><br />
<li>If you answered no this question then you must define some</li><br />
<li>If you have existing policies and procedures they should be reviewed</li><br />
<li>These policies and procedures must include notifying the Supervisory Authority within 72 hours of the data breach and notifying all affected users if they have been adversely affected (personal data disclosed).</li><br />
</ul><br />
</li><br />
<li>Have you appointed a data protection officer, and listed them in your privacy policy?<br />
<ul><br />
<li>If you answered no to this question then you must appoint one and list them in your site's privacy policy. The data protection officer is expected to be “proficient at managing IT processes, data security (including dealing with cyber-attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data [[#ref1|1]].</li><br />
</ul><br />
</li><br />
<li>Do you have a mechanism with with your site users can request their personal data is erased, corrected or made available to the requesting user on your site?<br />
<ul><br />
<li>If you answered yes to this question then must ensure it is listed in your site's privacy policy</li><br />
<li>If you answered no to this question then you define one and list it in your site's privacy policy<br />
<ul><br />
<li>For a Moodle site that does not make use of the GDPR plugins, a suitable mechanism would be an email address, reserved for this purpose that is monitored by an administrator for your Moodle site. Once a request is received, reasonable steps should be taken to ensure the authenticity of the request and the identity of the user making the request</li><br />
<li>Corrections to personal data can be processed by changing the data in Moodle directly using an administrator account</li><br />
<li>Erasures of personal data can be processed by either deleting the user account, or by editing the user account to remove all identifying information and making it inactive</li><br />
<li>Records of personal data can be obtained from the “Site Administration -&gt; Reports -&gt; Logs” by downloading all the logs for a single user as a CSV file. There will likely be additional personal data about a user that is stored outside of Moodle, such as web server access logs.</li><br />
</ul><br />
</li><br />
</ul><br />
</li><br />
<li>Does your organisation have more than 250 employees?<br />
<ul><br />
<li>If you answered yes to this question then you must maintain detailed records on all processing of personal data. Refer to the regulation for details of the records that must be maintained</li><br />
</ul><br />
</li><br />
</ol><br />
<br />
== Site policy ==<br />
<br />
A site policy can be used to collect consent for the purposes of GDPR compliance. The site policy document should be reviewed carefully to make sure it covers all the information listed below, in succinct, simple language.<br />
<br />
In Moodle 3.4.2 onwards, to enable a site policy, enter the URL of the page in 'Site policy URL' (sitepolicy) in 'Policy settings' in the Site administration. (In versions of Moodle prior to 3.4.2, the setting 'Site policy URL' (sitepolicy) can be found in 'Site policies' in the Site administration.)<br />
<br />
The site policy page should contain all of the information listed below. The site policy will be displayed in an iframe as part of the login process, so it does not require headers and footers.<br />
<br />
A recommended practice is to create a file resource on the front page of the Moodle site and copy the URL for this resource to use as the site policy. This means the site policy is always available for your users to access, and can be updated easily from within Moodle. Note that this technique is incompatible with the “Force users to log in (forcelogin)” setting, (also in 'Site policies' in the Site administration) as the file resource will no longer be visible until the user has logged into the site.<br />
<br />
The site policy must include all of the following information in simple language:<br />
<br />
# What information is collected.<br />
# The purpose of all processing to be performed on the users data. Marketing must be listed separately with a separate revocable “consent”.<br />
# The identity of the data controller and contact information<br />
# List of rights<br />
# The period the data is stored<br />
# The mechanism for withdrawing consent<br />
# The mechanism for requesting corrections, or erasures of personal data<br />
# The mechanism for requesting a record of all personal data<br />
# List of third parties that data will be shared with (This includes integrations such as LTI, portfolios, plagiarism, repositories, authentication etc.) including:<br />
## The contact details of the data protection officer for each<br />
## The privacy policy for each.<br />
# Whether the personal data will be used for any automated decision making process, including the significance and details of the process (e.g. analytics).<br />
<br />
<br />
[[es:GDPR para administradores]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR_FAQ&diff=130545GDPR FAQ2018-03-26T13:57:26Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}<br />
<br />
===What is GDPR?===<br />
<br />
GDPR stands for General Data Protection Regulation, and refers to the European Union regulation for data protection for all individuals within the European Union.<br />
<br />
The regulation (Regulation (EU) 2016/679) becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC) from 1995.<br />
<br />
===Who needs to be GDPR compliant?===<br />
<br />
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not) are affected by GDPR.<br />
GDPR rules also applies if the individual or organisation themselves is located in an EU member state.<br />
<br />
===How is Moodle HQ assisting with GDPR compliance?===<br />
<br />
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.<br />
<br />
We have a plan to meet those needs and the plan involves the development of a set of features (made available through plugins and some minimal changes to core) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas: <br />
<br />
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;<br />
* Handling of subject access requests and erasure requests, and maintaining a data registry.<br />
<br />
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about our plan.] <br />
<br />
===What can I do now to make my Moodle ready for GDPR?===<br />
We recently released Moodle 3.4.2 and 3.3.5 which include the required core APIs to support two GDPR plugins we have released: <br />
<br />
* The Policy plugin provides a new user sign on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies;<br />
* The Data Privacy plugin provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:<br />
**Choice Activity Module<br />
**HTML Block<br />
**User Tours<br />
<br />
Hence we recommend you upgrade to either Moodle 3.4.2 or 3.3.5 to access these plugins.<br />
<br />
If you are on an older Moodle site, we recommend that you read the section on site policy on the [https://docs.moodle.org/310/en/GDPR_for_administrators GDPR for Moodle administrators guide.] <br />
<br />
===Is installing the Moodle plugins enough for GDPR compliance?===<br />
<br />
Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required. <br />
<br />
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.<br />
<br />
<br />
==Any further questions?==<br />
<br />
Please post in the [https://moodle.org/mod/forum/view.php?id=7301 Security and privacy forum] on moodle.org.<br />
<br />
[[Category:FAQ]]<br />
<br />
[[es:GDPR FAQ]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR_for_administrators&diff=130543GDPR for administrators2018-03-26T13:55:26Z<p>Sander@moodle.com: </p>
<hr />
<div>{{GDPR}}<br />
<br />
Disclaimer: The advice in this document is provided for informational purposes only, and not be construed as legal or professional advice. Moodle Pty Ltd does not warrant that the advice is accurate, complete, reliable, current or error-free.<br />
<br />
== Checklist ==<br />
<br />
<ol><br />
<li> Is the Moodle site hosted in an EU member state, or is it possible that any user of the Moodle site is an individual from an EU member state?<br />
<ul><br />
<li> If you answered no to this question, you are not affected by this regulation. However, the benefits of data protection afforded by the regulation are universally applicable and you may consider voluntarily complying with this legislation for the benefit of your site users.</li><br />
</ul><br />
</li><br />
<li><br />
Do you require your site users to accept a site policy document before using your site (either in Moodle or something outside of Moodle, like a paper form)?<br />
<ul><br />
<li>If you answered no to this question, you must start doing so. Users need to be aware of their rights and the processes with which they can exercise their rights.</li><br />
<li>If you answered yes to this question you must review your privacy policy to make sure it covers all requirements of the new regulations (see “Site policy” below). If you change your privacy policy you must get all site users to accept the new policy before they can continue using the site.</li><br />
</ul><br />
</li><br />
<li>Is it possible that your site is used by minors? (Under 16 in most member states, but some states may reduce this as low as 13 years).<br />
<ul><br />
<li>If you answered yes to this question, you must ensure that the consent is obtained from their legal guardian. Keep in mind that collecting and processing personal information on minors is may impact your risk assessment. You should take extra care to adequately secure this information, and retain it for as short a period as is necessary.</li><br />
</ul><br />
</li><br />
<li>Is it the collection or storage of personal data from your site users likely to result in a high risk to their rights and freedoms?<br />
<ul><br />
<li>Some examples that would indicate high risk are:<br />
<ul><br />
<li>a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person</li><br />
<li>processing on a large scale of special categories of data including<br />
<ul><br />
<li>Racial or ethnic origin</li><br />
<li>Political opinions</li><br />
<li>Religious or philosophical beliefs</li><br />
<li>Trade union membership</li><br />
<li>Genetic data</li><br />
<li>Biometric data</li><br />
<li>Data concerning health</li><br />
<li>Sexual orientation</li><br />
<li>Data concerning a natural person’s sex life</li><br />
<li>Criminal convictions</li><br />
</ul><br />
</li><br />
<li>This is not an exhaustive list and if you are unsure if you should consider the data collected from your users as “High risk” you should refer to the legislation and seek professional advice.</li><br />
</ul><br />
</li><br />
<li>If the answer is “Yes”, you should perform a Data Protection Impact Assessment. Refer to the legislation and seek professional advice.</li><br />
</ul><br />
</li><br />
<li>Do you use any of the collected personal information for the purposes of marketing?<br />
<ul><br />
<li>If you answered yes to this question - you must obtain a separate consent from each user to use this data for this purpose. Consent to use the data for marketing must be separately withdrawable by the user.</li><br />
</ul><br />
</li><br />
<li>Do you use any of the collected personal information for the purposes of research?<br />
<ul><br />
<li>If you answered yes to this question, you must either obtain a specific consent from each user to use the data for this purpose, or completely anonymise the data before using it for research. <br /><br />[https://github.com/moodlehq/moodle-local_anonymise https://github.com/moodlehq/moodle-local_anonymise] is an example of a tool designed to anonymise all the data on a moodle site.</li><br />
</ul><br />
</li><br />
<li>Do you share any of the collected data with any third parties? This includes sites and services that integrate with Moodle such as: Google analytics, LTI, Repositories (Google Docs, OneDrive etc), Authentication systems etc. This also includes sites and services used in the provision of your own Moodle site such as hosting providers.<br />
<ul><br />
<li>If you answered yes to this question then you are responsible for all data that is shared with a third party. You must obtain the user’s consent to share this data with each third party. If the list of third party services changes you must re-obtain consent from all site users for each new third party site/service. You should also take reasonable steps to ensure that each third party will adequately protect users personal data including:<br />
<ul><br />
<li>Reviewing the third party privacy policy to make sure it is congruent with your own</li><br />
<li>Monitoring and notifying your site users about changes to the third party privacy policy</li><br />
<li>Identify the mechanism for processing requests to erase or correct personal data with each third party so that you can follow this process when you receive one of these requests for your own site</li><br />
<li>Identify and list the data protection officer, and privacy policy for each third party site as part of your own privacy policy</li><br />
</ul><br />
</li><br />
<li>Google analytics for example has not yet provided clear updated instructions on how to comply with the new GDPR when using their service. It is probable that they will issue guidance on how to use Google Analytics in compliance with the GDPR before it becomes enforceable, but this example demonstrates that it is your responsibility to ensure the protection of privacy of the users of your site and it is not legal to use cloud services without considering the privacy implications of each and every service provider.</li><br />
</ul><br />
</li><br />
<li>Do you follow best practice policies and procedures to ensure data security?<br />
<ul><br />
<li>If you answered no to this question then you have must review your policies and procedures to ensure you are not placing your sites users personal data at risk.<br />
<ul><br />
<li>“Best practices” includes but is not limited to organisational and technical measures to ensure a level of security appropriate to the risk such that:<br />
<ul><br />
<li>pseudonymisation and encryption of personal data</li><br />
<li>the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services</li><br />
<li>the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident</li><br />
<li>a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing</li><br />
</ul><br />
</li><br />
<li>Examples:<br />
<ul><br />
<li>Appropriate use of encryption (https)</li><br />
<li>Maintaining all systems and software with relevant security updates.</li><br />
<li>Deletion of personal data as soon as possible, once it is no longer required for the purpose it was collected.</li><br />
</ul><br />
</li><br />
</ul><br />
</li><br />
</ul><br />
</li><br />
<li>Do you have defined policies and procedures for disclosing data breaches?<br />
<ul><br />
<li>If you answered no this question then you must define some</li><br />
<li>If you have existing policies and procedures they should be reviewed</li><br />
<li>These policies and procedures must include notifying the Supervisory Authority within 72 hours of the data breach and notifying all affected users if they have been adversely affected (personal data disclosed).</li><br />
</ul><br />
</li><br />
<li>Have you appointed a data protection officer, and listed them in your privacy policy?<br />
<ul><br />
<li>If you answered no to this question then you must appoint one and list them in your sites privacy policy. The data protection officer is expected to be “proficient at managing IT processes, data security (including dealing with cyber-attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data [[#ref1|1]].</li><br />
</ul><br />
</li><br />
<li>Do you have a mechanism with with your site users can request their personal data is erased, corrected or made available to the requesting user on your site?<br />
<ul><br />
<li>If you answered yes to this question then must ensure it is listed in your sites privacy policy</li><br />
<li>If you answered no to this question then you define one and list it in your sites privacy policy<br />
<ul><br />
<li>For a Moodle site a suitable mechanism would be an email address, reserved for this purpose that is monitored by an administrator for your Moodle site. Once a request is received, reasonable steps should be taken to ensure the authenticity of the request and the identity of the user making the request</li><br />
<li>Corrections to personal data can be processed by changing the data in Moodle directly using an administrator account</li><br />
<li>Erasures of personal data can be processed by either deleting the user account, or by editing the user account to remove all identifying information and making it inactive</li><br />
<li>Records of personal data can be obtained from the “Site Administration -&gt; Reports -&gt; Logs” by downloading all the logs for a single user as a CSV file. There will likely be additional personal data about a user that is stored outside of Moodle, such as web server access logs.</li><br />
</ul><br />
</li><br />
</ul><br />
</li><br />
<li>Does your organisation have more than 250 employees?<br />
<ul><br />
<li>If you answered yes to this question then you must maintain detailed records on all processing of personal data. Refer to the regulation for details of the records that must be maintained</li><br />
</ul><br />
</li><br />
</ol><br />
<br />
== Site policy ==<br />
<br />
A site policy can be used to collect consent for the purposes of GDPR compliance. The site policy document should be reviewed carefully to make sure it covers all the information listed below, in succinct, simple language.<br />
<br />
In Moodle 3.4.2 onwards, to enable a site policy, enter the URL of the page in 'Site policy URL' (sitepolicy) in 'Policy settings' in the Site administration. (In versions of Moodle prior to 3.4.2, the setting 'Site policy URL' (sitepolicy) can be found in 'Site policies' in the Site administration.)<br />
<br />
The site policy page should contain all of the information listed below. The site policy will be displayed in an iframe as part of the login process, so it does not require headers and footers.<br />
<br />
A recommended practice is to create a file resource on the front page of the Moodle site and copy the URL for this resource to use as the site policy. This means the site policy is always available for your users to access, and can be updated easily from within Moodle. Note that this technique is incompatible with the “Force users to log in (forcelogin)” setting, (also in 'Site policies' in the Site administration) as the file resource will no longer be visible until the user has logged into the site.<br />
<br />
The site policy must include all of the following information in simple language:<br />
<br />
# What information is collected.<br />
# The purpose of all processing to be performed on the users data. Marketing must be listed separately with a separate revocable “consent”.<br />
# The identity of the data controller and contact information<br />
# List of rights<br />
# The period the data is stored<br />
# The mechanism for withdrawing consent<br />
# The mechanism for requesting corrections, or erasures of personal data<br />
# The mechanism for requesting a record of all personal data<br />
# List of third parties that data will be shared with (This includes integrations such as LTI, portfolios, plagiarism, repositories, authentication etc.) including:<br />
## The contact details of the data protection officer for each<br />
## The privacy policy for each.<br />
# Whether the personal data will be used for any automated decision making process, including the significance and details of the process (e.g. analytics).<br />
<br />
=== Sample site policy ===<br />
<br />
'''Privacy and personal data'''<br />
<br />
At Company XYZ we take your privacy very seriously. In order to provide access to the service we must collect and store some personal information about you.<br />
<br />
'''Minors'''<br />
<br />
Children under 16 years of age are not permitted to access the services provided by [https://example.com/ https://example.com/]. By agreeing to this privacy policy you are also agreeing that you are 16 years of age or older.<br />
<br />
'''What is collected?'''<br />
<br />
Basic profile information is collected from you when you create your account including your full name and email address.<br />
<br />
As you use the site, information about the users, courses, activities and resources you interact with will also be stored and linked to your profile information.<br />
<br />
'''How is this information used?'''<br />
<br />
This information is only used to provide you access to the online courses at [https://example.com/ https://example.com/]. Statistical information about usage of the site is also used to improve the site and services provided on the [https://example.com/ https://example.com/] website.<br />
<br />
'''Who can I contact?'''<br />
<br />
The data protection officer for Company XYZ is John Smith and they may be contacted at [mailto:privacy@example.com privacy@example.com]<br />
<br />
'''Who is my data shared with?'''<br />
<br />
In order to provide access to LTI content provided by https://www.awesomeltis.com, we may share your basic profile information with Awesome LTI Ltd. The data protection officer for Awesome LTI Ltd is Mrs Jane Smith and she may be contacted at [mailto:privacy@awesomeltis.com privacy@awesomeltis.com]. The privacy policy for Awesome LTI Ltd is available at [http://www.awesomeltis.com/privacy https://www.awesomeltis.com/privacy]. In order to protect your privacy Company XYZ has entered into a data sharing agreement with Awesome LTI Ltd. The terms of this agreement are available here: [https://example.com/data-sharing.html https://example.com/data-sharing.html].<br />
<br />
'''How long is my data stored?'''<br />
<br />
Your personal data is stored as long as you are enrolled in one or more online courses at [https://example.com/ https://example.com/]. Course data is deleted 6 months after the end date for each course and profile information will be anonymised when an account has not been accessed for 12 consecutive months.<br />
<br />
'''How do I withdraw my consent for Company XYZ to store and process my personal data?'''<br />
<br />
If you have previously consented to allow Company XYZ to store and process your personal data in accordance with this privacy policy, and you wish to withdraw your consent, please send an email to the data protection officer at [mailto:privacy@example.com privacy@example.com]. You will no longer be able to access the services provided by [https://example.com/ https://example.com/] if your consent is withdrawn.<br />
<br />
'''How do I request that my personal data is corrected or erased?'''<br />
<br />
You may make corrections to your basic profile information by logging into the [https://example.com/ https://example.com/] and editing your own profile. If you have questions, or would like any other data to be corrected or erased, please send an email to the data protection officer at [mailto:privacy@example.com privacy@example.com].<br />
<br />
'''How do I request a record of all my personal data that has been collected?'''<br />
<br />
You may request a record of all of the personal data relating to you that has been collected in accordance with this privacy policy. To do so, please send an email to the data protection officer at [mailto:privacy@example.com privacy@example.com].<br />
<br />
<br />
<br />
<br />
<br />
[[es:GDPR para administradores]]</div>Sander@moodle.comhttps://docs.moodle.org/310/en/index.php?title=GDPR&diff=130542GDPR2018-03-26T13:53:45Z<p>Sander@moodle.com: </p>
<hr />
<div><div class="navtrail">[[Main page]] ► [[GDPR]]</div><br />
<div class="sideblock right" style="width: 16em;"> <br />
<div class="header">[[GDPR]]</div> <br />
<div class="content"><br />
</div><br />
* [[GDPR for administrators|GDPR for admins]]<br />
* [[GDPR FAQ]]<br />
</div><br />
<br />
== Overview ==<br />
<br />
GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)[[#ref2|2]] becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC)[[#ref3|3]] from 1995.<br />
<br />
===Who does it affect?===<br />
<br />
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not). It also applies if the individual or organisation themselves is located in an EU member state.<br />
<br />
===What kind of information comprises personal data in a Moodle site?===<br />
<br />
It is all information that can be associated with a natural person. Each user account and all the activity associated with that user account is classified as personal information. This also extends to associated information such as web server log files.<br />
<br />
===How is Moodle HQ assisting with GDPR compliance?===<br />
<br />
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.<br />
<br />
We have a plan to meet those needs and are scheduling the development within our Open Source team under the lead of Sander Bangma, our Open Source Development Coordinator.<br />
The plan involves the development of a set of features (made available through plugins and some minimal changes to core) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas: <br />
<br />
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;<br />
* Handling of subject access requests and erasure requests, and maintaining a data registry.<br />
<br />
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about our plan.]<br />
<br />
'''Important note:''' Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required. <br />
<br />
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.<br />
<br />
<br />
==GDPR for Moodle administrators==<br />
<br />
If you are a Moodle system administrator and have a Moodle site older than the 3.3.5 or 3.4.2 version, or have a site that is not affected by GDPR but would still like to do as much as possible towards compliance, we recommend you read our [https://docs.moodle.org/310/en/GDPR_for_administrators “GDPR for Moodle Administrators”] guide. <br />
<br />
If you are on Moodle 3.4.2 version and above, please refer to our [https://docs.moodle.org/310/en/GDPR_for_administrators_(Moodle_3.4.2%2B) “GDPR for Moodle Administrators (Moodle 3.4.2+)”] guide for information on GDPR functionalities that have been released recently and continuing to develop.<br />
<br />
==Moodle & GDPR for plugin developers==<br />
<br />
If you are a plugin developer, we recommend the following actions to assist you in preparing your Moodle plugin for GDPR:<br />
<br />
* please read through our spec documentation [[:dev:GDPR for plugin developers|GDPR for plugin developers]] in the dev docs and,<br />
* join the discussion [https://moodle.org/mod/forum/discuss.php?d=352538 EU General Data Protection Regulation (GDPR) compliance.]<br />
<br />
==Moodle & GDPR for Educators & Learners==<br />
<br />
If you are an educator or a learner and would like to find out more about your rights under GDPR and how features in Moodle can assist with protecting your data privacy, we recommend you:<br />
<br />
* Check in with your system administrators for information specific to your institution or organisation; <br />
* Read more information on GDPR in the “See also” section below. <br />
<br />
==Latest News & Updates==<br />
<br />
* [https://moodle.org/mod/forum/discuss.php?d=367479#p1482159 Moodle 3.4.2, 3.3.5, 3.2.8 and 3.1.11 are now available and include the required core APIs to support the GDPR plugins.] <br />
* [https://moodle.org/mod/forum/discuss.php?d=367522#p1482337 Data Privacy and Policy plugins to support GDPR compliance now available]<br />
<br />
==See also==<br />
<br />
* [[GDPR FAQ]]<br />
<br />
References:<br />
<br />
* [https://www.eugdpr.org/ Home Page of EU GDPR]<br />
* [http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf GDPR Regulation]<br />
* [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046 Directive 95/46/EC]<br />
<br />
[[Category:GDPR]]<br />
<br />
[[es:GDPR]]<br />
[[fr:RGPD]]</div>Sander@moodle.com