Note: You are currently viewing documentation for Moodle 3.4. Up-to-date documentation for the latest stable version of Moodle is likely available here: GDPR.

GDPR: Difference between revisions

From MoodleDocs
m (formatting)
m (https://www.eugdpr.org/ is not the GDPR home page, see the site's footer. No other changes made.)
 
(9 intermediate revisions by 5 users not shown)
Line 5: Line 5:
</div>
</div>
* [[GDPR for administrators|GDPR for admins]]
* [[GDPR for administrators|GDPR for admins]]
* [[:dev:GDPR for plugin developers|GDPR for developers]]
* [[Policies plugin]]
* [[Data privacy plugin]]
* [[GDPR FAQ]]
* [[GDPR FAQ]]
</div>
</div>
Line 13: Line 14:
GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)[[#ref2|2]] becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC)[[#ref3|3]] from 1995.
GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)[[#ref2|2]] becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC)[[#ref3|3]] from 1995.


Who does it affect?
===Who does it affect?===


Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not). It also applies if the individual or organisation themselves is located in an EU member state.
Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless if the processing or storage of information occurs in the EU or not). It also applies if the individual or organisation themselves is located in an EU member state.


What kind of information comprises personal data in a Moodle site?
===What kind of information comprises personal data in a Moodle site?===


It is all information that can be associated with a natural person. Each user account and all the activity associated with that user account is classified as personal information. This extends to information stored in backups, as well as associated information such as web server log files.
It is all information that can be associated with a natural person. Each user account and all the activity associated with that user account is classified as personal information. This also extends to associated information such as web server log files.


What are the penalties for non-compliance with the regulations? Severe!
===How is Moodle HQ assisting with GDPR compliance?===
 
Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.
 
We developed a set of features (made available in Moodle 3.5 and through plugins and some minimal changes to core, for Moodle 3.3 and 3.4) which will assist Moodle sites meeting GDPR compliance needs.  The features cover the following areas:
 
* Onboarding of new users, including; age and location check to identify minors, versioning of privacy policies and the tracking of user consents;
* Handling of subject access requests and erasure requests, and maintaining a data registry.
 
[https://moodle.com/news/moodle-gdpr-approach-plan/ Find out more about the approach we took.]
 
'''Important note:''' Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required.
 
We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.
 
====GDPR plugins====
 
* [[Policies plugin]] - requires Moodle 3.3.6 or 3.4.3 onwards, and is included as standard in Moodle 3.5
* [[Data privacy plugin]] - also requires Moodle 3.3.6 or 3.4.3 onwards, and is included as standard in Moodle 3.5


==GDPR for Moodle administrators==
==GDPR for Moodle administrators==


Please read our guide [[GDPR for administrators]].
If you are a Moodle system administrator and have a Moodle site older than the 3.3.6 or 3.4.3 version, or have a site that is not affected by GDPR but would still like to do as much as possible towards compliance, we recommend you read our [https://docs.moodle.org/35/en/GDPR_for_administrators “GDPR for Moodle Administrators”] guide.
 
If you are on Moodle 3.3.6 or 3.4.3 version and above, please refer to our [https://docs.moodle.org/35/en/GDPR_for_administrators_(Moodle_3.4.2%2B) “GDPR for Moodle Administrators (Moodle 3.4.2+)”] guide for information on GDPR functionalities that have been released recently.
 
Moodle 3.5 includes the GDPR feature set as part of the standard distribution and does not require use of the GDPR plugins.
 
==Moodle & GDPR for plugin developers==
 
If you are a plugin developer, we recommend the following actions to assist you in preparing your Moodle plugin for GDPR:
 
* please read through our spec documentation [[:dev:GDPR for plugin developers|GDPR for plugin developers]] in the dev docs and,
* join the discussion [https://moodle.org/mod/forum/discuss.php?d=352538 EU General Data Protection Regulation (GDPR) compliance.]
 
==Moodle & GDPR for Educators & Learners==
 
If you are an educator or a learner and would like to find out more about your rights under GDPR and how features in Moodle can assist with protecting your data privacy, we recommend you:
 
* Check in with your system administrators for information specific to your institution or organisation;
* Read more information on GDPR in the “See also” section below.  


==Moodle and GDPR for plugin developers==
==Latest News & Updates==


To assist plugin developers in preparing for GDPR in their Moodle sites, please read through our spec documentation [[:dev:GDPR for plugin developers|GDPR for plugin developers]] in the dev docs or join the discussion [https://moodle.org/mod/forum/discuss.php?d=352538 EU General Data Protection Regulation (GDPR) compliance].
* [https://moodle.org/mod/forum/discuss.php?d=367522#p1482337 Data Privacy and Policy plugins to support GDPR compliance now available]


==See also==
==See also==
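Review bot: In the paragraph under "What kind of information comprises personal data in a Moodle site?", the revised sentence drops "information stored in backups" and now names only web server log files. The earlier wording counted backups as in scope, and an administrator reading the new text could conclude that backups fall outside access and erasure handling. Consider keeping both, for example "This also extends to information stored in backups and to associated information such as web server log files." Also in this hunk, the administrators paragraph says "Moodle 3.3.6 or 3.4.3 version and above" while the linked guide is titled "(Moodle 3.4.2+)"; state one version threshold or explain the difference.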
Line 37: Line 74:
References:
References:


* [https://www.eugdpr.org/ Home Page of EU GDPR]
* [https://www.eugdpr.org/ Unofficial EU GDPR Educational Page]
* [http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf GDPR Regulation]
* [http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf GDPR Regulation]
* [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046 Directive 95/46/EC]
* [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046 Directive 95/46/EC]
* [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ Guide to the General Data Protection Regulation (GDPR)] from the UK's Information Commissioner's Office


[[Category:GDPR]]
[[Category:GDPR]]
Line 45: Line 83:
[[es:GDPR]]
[[es:GDPR]]
[[fr:RGPD]]
[[fr:RGPD]]
[[de:DSGVO]]

Latest revision as of 15:04, 16 May 2018

Overview

GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679) [2] becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC) [3] from 1995.

Who does it affect?

Any individual or organisation that stores or processes personal information on an identifiable person from an EU member state (regardless of whether the processing or storage of information occurs in the EU). It also applies if the individual or organisation is itself located in an EU member state.

What kind of information comprises personal data in a Moodle site?

It is all information that can be associated with a natural person. Each user account and all the activity associated with that user account is classified as personal information. This also extends to associated information such as web server log files.

How is Moodle HQ assisting with GDPR compliance?

Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers.

We developed a set of features (made available in Moodle 3.5 and through plugins and some minimal changes to core, for Moodle 3.3 and 3.4) which will assist Moodle sites meeting GDPR compliance needs. The features cover the following areas:

  • Onboarding of new users, including age and location check to identify minors, versioning of privacy policies and the tracking of user consents;
  • Handling of subject access requests and erasure requests, and maintaining a data registry.

Find out more about the approach we took.

Important note: Installing the developed plugins alone will not be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required.

We at Moodle HQ highly recommend that you also engage your IT and legal departments on what is required for GDPR compliance.

GDPR plugins

  • Policies plugin - requires Moodle 3.3.6 or 3.4.3 onwards, and is included as standard in Moodle 3.5
  • Data privacy plugin - also requires Moodle 3.3.6 or 3.4.3 onwards, and is included as standard in Moodle 3.5

GDPR for Moodle administrators

If you are a Moodle system administrator and have a Moodle site older than the 3.3.6 or 3.4.3 version, or have a site that is not affected by GDPR but would still like to do as much as possible towards compliance, we recommend you read our “GDPR for Moodle Administrators” guide.

If you are on Moodle version 3.3.6 or 3.4.3 and above, please refer to our “GDPR for Moodle Administrators (Moodle 3.4.2+)” guide for information on GDPR functionalities that have been released recently.

Moodle 3.5 includes the GDPR feature set as part of the standard distribution and does not require use of the GDPR plugins.

Moodle & GDPR for plugin developers

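If you are a plugin developer, we recommend the following actions to assist you in preparing your Moodle plugin for GDPR:

  • Read through our spec documentation, GDPR for plugin developers, in the dev docs;
  • Join the discussion EU General Data Protection Regulation (GDPR) compliance.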

Moodle & GDPR for Educators & Learners

If you are an educator or a learner and would like to find out more about your rights under GDPR and how features in Moodle can assist with protecting your data privacy, we recommend you:

  • Check in with your system administrators for information specific to your institution or organisation;
  • Read more information on GDPR in the “See also” section below.

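Latest News & Updates

  • Data Privacy and Policy plugins to support GDPR compliance now available (https://moodle.org/mod/forum/discuss.php?d=367522#p1482337)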

See also

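References:

  • Unofficial EU GDPR Educational Page (https://www.eugdpr.org/)
  • GDPR Regulation (http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf)
  • Directive 95/46/EC (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046)
  • Guide to the General Data Protection Regulation (GDPR) from the UK's Information Commissioner's Office (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/)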