GDPR for administrators (Moodle 3.4.2+)
Plugins
Two plugins are available as follows for adding GDPR functionality to Moodle 3.4.2 or 3.3.5 sites. (All GDPR functionality will be available as standard in Moodle 3.5.)
The Policies plugin provides a new user sign on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.
The Data privacy plugin provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:
- Choice Activity Module
- HTML Block
- User Tours
Support for retrieving user information from the remaining core plugins will be added soon. The plugin will also be further extended to include functionality for data erasure requests and the data registry to define a purpose and retention period for data stored in a Moodle site.
Moodle 3.4.2 and 3.3.5 include the following core API changes that are required to support the GDPR plugins:
- An age and location check to identify minors
- The API to request personal data from all plugins
- Implementation of the API for a subset of Moodle core plugins so far
More information coming soon...