GDPR for administrators (Moodle 3.4.2+)

From MoodleDocs


Two GDPR plugins are available on the plugin database for adding GDPR functionality to Moodle 3.4.3 or 3.3.6 sites. The plugins offer the same functionality that is incorporated in the standard Moodle 3.5 distribution.

The Policies plugin provides a new user sign on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.

The Data privacy plugin provides the workflow for users to submit subject access requests, erasure requests and for site administrators and privacy officers to process these requests, as well as a data registry to define a purpose and retention period for data stored in a Moodle site.

User documentation for both the Policy and Data Privacy plugins will be further updated soon.

Core changes

Moodle 3.4.3 and 3.3.6 include the following core API changes that are required to support the GDPR plugins:

  • An age and location check to identify minors
  • The API to request personal data from all plugins
  • Implementation of the API for a subset of Moodle core plugins so far

Those on Moodle 3.3 and 3.4 wanting to explore and use the new plugins should therefore upgrade to either Moodle 3.4.3 or 3.3.6. All GDPR functionality has been integrated in the Moodle 3.5 release.

More information coming soon...