Difference between revisions of "Manage data requests"

Jump to: navigation, search
(added screenshots)
m (Emdalton1 moved page admin/tool/dataprivacy/datarequests to Manage data requests: human-readable name)
(No difference)

Revision as of 19:23, 10 July 2018

As of version 3.5 (and via plugin for 3.4 and 3.3), Moodle provides a way of handling requests from data subjects (called Subject Access Requests in GDPR). In Moodle these are referred to as Data Requests. These may be initiated by the user themselves or by the administrator. The Privacy Officer will then receive a data request notification.

New request

Data request on behalf of a user

Clicking on New request as an Administrator uses the same form as the user has access to, but enables the administrator to specify the relevant user and details to submit a request on their behalf.

Requesting for

The admin can select one user to make the request for. There is currently no way to make a request for multiple users or a cohort of users.

Type

This specifies which type of request the user is making. When using this form two types of request can be made:

  • Export all of my personal data
  • Delete all of my personal data

Comments

This field enables data subjects to contextualise their reason for the request. It is not required, however it is especially helpful to add a comment when an admin is making the request, to rcplain why they are doing it rather than the user (e.g. the request came in via email).

Responding to data requests

Data requests queue
Viewing a data request

The Privacy Officer can respond to data requests as follows:

  1. Go to 'Data requests' in the Site administration (or follow the link in the data request notification).
  2. In the Actions dropdown, select View, Approve, or Deny as appropriate.

If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page.

If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.

See also

Data privacy plugin