GDPR for administrators (Moodle 3.4.2+)
Plugins
Two GDPR plugins are available on the plugin database for adding GDPR functionality to Moodle 3.4.2 or 3.3.5 sites. The plugins will continue to be updated and refined over the next few weeks.
The Policies plugin provides a new user sign on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.
The Data privacy plugin provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:
- Choice activity Module
- HTML block
- User Tours
Support for retrieving user information from the remaining core plugins will be added soon. The plugin will also be further extended to include functionality for data erasure requests and the data registry to define a purpose and retention period for data stored in a Moodle site.
User documentation for both the Policy and Data Privacy plugins will be available soon.
Core changes
Moodle 3.4.2 and 3.3.5 include the following core API changes that are required to support the GDPR plugins:
- An age and location check to identify minors
- The API to request personal data from all plugins
- Implementation of the API for a subset of Moodle core plugins so far
Those wanting to explore and use the new plugins should therefore upgrade to either Moodle 3.4.2 or 3.3.5. All GDPR functionality will be integrated in the Moodle 3.5 release.
More information coming soon...