Privacy laws and Moodle
Moodle sites can contain a variety of sensitive personal data and personally identifying information (PII). This information is often protected by regulatory frameworks in different jurisdictions. As such, privacy protection and policy control tools are a critical feature of Moodle.
Note: Software tools alone cannot make a site compliant with privacy legislation. Moodle provides tools to set up and maintain data privacy policies. The institution operating the Moodle site is responsible for configuring the site to implement policies in compliance with local laws, and is also responsible for responding to ongoing data requests and other events that are covered under data privacy laws.
GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)2 becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC)3 from 1995. For more information, see GDPR. Moodle supports GDPR through the Policies plugin and Data privacy plugin in the standard distribution of Moodle 3.5. See GDPR documentation for Moodle 3.3 or Moodle 3.4 if you use other versions.
- Data privacy plugin The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It requires Moodle 3.4.2 or later and will be integrated in the Moodle 3.5 release in May 2018.
- GDPR - GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union
- Student Privacy forum discussion