Datenschutz in Moodle gewährleisten: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „{{Zum Überarbeiten}} {{Datenschutz}} =Overview= Complying with data privacy regulations is not a one-time task. Once a Moodle site has been configured to […“) |
Keine Bearbeitungszusammenfassung |
||
| Zeile 3: | Zeile 3: | ||
{{Datenschutz}} | {{Datenschutz}} | ||
= | ==Überblick== | ||
Complying with data privacy regulations is not a one-time task. Once a Moodle site has been configured to [[Setting up data privacy|implement data privacy policies]], the site must be monitored regularly to respond to data requests and other privacy-related events. | Complying with data privacy regulations is not a one-time task. Once a Moodle site has been configured to [[Setting up data privacy|implement data privacy policies]], the site must be monitored regularly to respond to data requests and other privacy-related events. | ||
= | ==Datenanfragen beantworten== | ||
Users may request a copy of all data related to the user that is held on the site. Users may also request that all data related to them is deleted from the site. An email will be sent to the address designated in the Data Privacy Offer setup, and the request will be placed in a queue for approval. | Users may request a copy of all data related to the user that is held on the site. Users may also request that all data related to them is deleted from the site. An email will be sent to the address designated in the Data Privacy Offer setup, and the request will be placed in a queue for approval. | ||
| Zeile 18: | Zeile 18: | ||
For more information, see [[admin/tool/dataprivacy/datarequests|Data requests]]. | For more information, see [[admin/tool/dataprivacy/datarequests|Data requests]]. | ||
= | ==Im Namen einer anderen Person einer Richtlinie zustimmen== | ||
An admin or any user with the capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] can give consent on behalf of minors or when a written consent was obtained offline. For more information, see [[admin/tool/policy/acceptances|User agreements]]. | An admin or any user with the capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] can give consent on behalf of minors or when a written consent was obtained offline. For more information, see [[admin/tool/policy/acceptances|User agreements]]. | ||
= | ==Nutzerbestätigungen überwachen== | ||
It may be necessary to monitor a site to determine who has agreed to a policy and who has not, especially if a policy has been changed. Failure to agree to a policy will prevent the user from logging in. The [[Capabilities/tool/policy:viewacceptances|capability to check policy agreements]] may be necessary for technical support personnel responsible for troubleshooting login problems. For more information, see [[admin/tool/policy/acceptances|User agreements]]. | It may be necessary to monitor a site to determine who has agreed to a policy and who has not, especially if a policy has been changed. Failure to agree to a policy will prevent the user from logging in. The [[Capabilities/tool/policy:viewacceptances|capability to check policy agreements]] may be necessary for technical support personnel responsible for troubleshooting login problems. For more information, see [[admin/tool/policy/acceptances|User agreements]]. | ||
| Zeile 29: | Zeile 29: | ||
As part of configuring the Moodle site for data privacy, retention periods have been set for each "purpose" of data. As these retention periods come to an end, data is queued for deletion after approval by the site Data Privacy Officer. See [[admin/tool/dataprivacy/datadeletion|Data deletion]] for more information. | As part of configuring the Moodle site for data privacy, retention periods have been set for each "purpose" of data. As these retention periods come to an end, data is queued for deletion after approval by the site Data Privacy Officer. See [[admin/tool/dataprivacy/datadeletion|Data deletion]] for more information. | ||
= | ==Richtlinien aktuell halten== | ||
Regularien und Richtlinien einer Organisation können sich ändern, und das sollte sich auch in den Richtlinien der Moodle-Site widerspiegeln. Wenn es Änderungen einer Richtlinie gibt, dann wird eine neue Version der Richtlinie angelegt. Nutzer/innen müssen der neuen Version zustimmen, wenn sie sich das nächste Mal in Moodle anmelden. Richtlinien können auch eaktiviert werden, sie können jedoch nicht gelöscht werden, wenn mindestens eine Person ihr zugestimmt hat. Mehr Informationen dazu finden Sie unter [[admin/tool/policy/managedocs|Richtlinien verwalten]]. | |||
==Verstöße== | |||
= | |||
The GDPR also requires organizations to implement appropriate policies, protect personal data by using security protocols, conduct privacy impact assessments, and keep detailed records on data activities. The EU GDPR places strict control on where personal data is stored and how it is used. | The GDPR also requires organizations to implement appropriate policies, protect personal data by using security protocols, conduct privacy impact assessments, and keep detailed records on data activities. The EU GDPR places strict control on where personal data is stored and how it is used. | ||
Version vom 17. Juli 2018, 12:37 Uhr
Diese Seite muss überarbeitet werden. Greif zu!
Wenn du dich um diesen Artikel kümmern willst, dann kennzeichne das, indem du die Vorlage {{Überarbeiten}} durch die Vorlage {{ÜberarbeitenVergeben}} ersetzt.
Wenn du mit deiner Arbeit fertig bist, dann entferne die Vorlage aus dem Artikel.
Danke für deine Mitarbeit!
Überblick
Complying with data privacy regulations is not a one-time task. Once a Moodle site has been configured to implement data privacy policies, the site must be monitored regularly to respond to data requests and other privacy-related events.
Datenanfragen beantworten
Users may request a copy of all data related to the user that is held on the site. Users may also request that all data related to them is deleted from the site. An email will be sent to the address designated in the Data Privacy Offer setup, and the request will be placed in a queue for approval.
The Data Privacy Officer or a designate should monitor the queue of such requests to approve them in a timely manner. The Privacy Officer can respond to data requests as follows:
- Go to 'Data requests' in the Site administration (or follow the link in the data request notification).
- In the Actions dropdown, select View, Approve, or Deny as appropriate.
For more information, see Data requests.
Im Namen einer anderen Person einer Richtlinie zustimmen
An admin or any user with the capability Agree to the policies on someone else's behalf can give consent on behalf of minors or when a written consent was obtained offline. For more information, see User agreements.
Nutzerbestätigungen überwachen
It may be necessary to monitor a site to determine who has agreed to a policy and who has not, especially if a policy has been changed. Failure to agree to a policy will prevent the user from logging in. The capability to check policy agreements may be necessary for technical support personnel responsible for troubleshooting login problems. For more information, see User agreements.
Reviewing and deleting content past retention date
As part of configuring the Moodle site for data privacy, retention periods have been set for each "purpose" of data. As these retention periods come to an end, data is queued for deletion after approval by the site Data Privacy Officer. See Data deletion for more information.
Richtlinien aktuell halten
Regularien und Richtlinien einer Organisation können sich ändern, und das sollte sich auch in den Richtlinien der Moodle-Site widerspiegeln. Wenn es Änderungen einer Richtlinie gibt, dann wird eine neue Version der Richtlinie angelegt. Nutzer/innen müssen der neuen Version zustimmen, wenn sie sich das nächste Mal in Moodle anmelden. Richtlinien können auch eaktiviert werden, sie können jedoch nicht gelöscht werden, wenn mindestens eine Person ihr zugestimmt hat. Mehr Informationen dazu finden Sie unter Richtlinien verwalten.
Verstöße
The GDPR also requires organizations to implement appropriate policies, protect personal data by using security protocols, conduct privacy impact assessments, and keep detailed records on data activities. The EU GDPR places strict control on where personal data is stored and how it is used.
Under the GDPR, organizations are required to report data breaches to the appropriate authorities if it will “result in a risk for the rights and freedoms of individuals”. The breach notice must be done within 72 hours of first having become aware of the problem. If there is a high risk of harm, organizations must notify any affected data subject as soon as possible.
