Data privacy: Difference between revisions
| Data privacy | |
|---|---|
| Type | Admin tools |
| Set | N/A |
| Downloads | https://moodle.org/plugins/tool_dataprivacy |
| Issues | https://tracker.moodle.org/issues/?jql=component%20%3D%20Privacy |
| Discussion | |
| Maintainer(s) | Moodle HQ |
Helen Foster (talk | contribs) (Requesting data) |
Helen Foster (talk | contribs) (Data requests, Responding to data requests) |
||
| Line 7: | Line 7: | ||
}} | }} | ||
The Data privacy plugin provides the workflow for users to submit subject access requests and for the site administrator or | The Data privacy plugin provides the workflow for users to submit subject access requests and for the site administrator or Data Protection Officer (DPO) to process these requests. | ||
The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It requires Moodle 3.4.2 or later and will be integrated in the Moodle 3.5 release in May 2018. | The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It requires Moodle 3.4.2 or later and will be integrated in the Moodle 3.5 release in May 2018. | ||
== | ==Data Protection Officer role== | ||
After installing the data privacy plugin, the first thing to do is to create a [[Data Protection Officer role]] and assign it. | |||
==Data requests== | |||
[[File:requesting data.png|thumb|Requesting data]] | [[File:requesting data.png|thumb|Requesting data]] | ||
Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page. | Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page. | ||
In addition, they can request a copy of all of their personal data as follows: | In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows: | ||
# Go to your profile page (via the user menu). | # Go to your profile page (via the user menu). | ||
# Click the link 'Data requests' then click the 'New request' button. | # Click the link 'Data requests' then click the 'New request' button. | ||
# Select 'Export all of my personal data'. | # Select 'Export all of my personal data' or 'Delete all of my personal data' as appropriate. | ||
# Save changes. | # Save changes. | ||
[[File:Request approved.png|thumb|Request approved]] | |||
The DPO will then receive a data request notification. | |||
If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page. | |||
If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site. | |||
==Responding to data requests== | |||
[[File:viewing a data request.png|thumb|Viewing a data request]] | |||
The DPO can respond to data requests as follows: | |||
# Go to 'Data requests' in the Site administration (or follow the link in the data request notification). | |||
# In the Actions dropdown, select View, Approve, or Deny as appropriate. | |||
==Capabilities== | ==Capabilities== | ||
Revision as of 15:50, 12 April 2018
The Data privacy plugin provides the workflow for users to submit subject access requests and for the site administrator or Data Protection Officer (DPO) to process these requests.
The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It requires Moodle 3.4.2 or later and will be integrated in the Moodle 3.5 release in May 2018.
Data Protection Officer role
After installing the data privacy plugin, the first thing to do is to create a Data Protection Officer role and assign it.
Data requests
Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page.
In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows:
- Go to your profile page (via the user menu).
- Click the link 'Data requests' then click the 'New request' button.
- Select 'Export all of my personal data' or 'Delete all of my personal data' as appropriate.
- Save changes.
The DPO will then receive a data request notification.
If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page.
If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.
Responding to data requests
The DPO can respond to data requests as follows:
- Go to 'Data requests' in the Site administration (or follow the link in the data request notification).
- In the Actions dropdown, select View, Approve, or Deny as appropriate.
