Difference between revisions of "Manage data registry"
m (Emdalton1 moved page admin/tool/dataprivacy/dataregistry to Manage data registry: human-readable name)
Revision as of 19:22, 10 July 2018
One of the basic types of data requests that a data subject can request under the GDPR is a list of all processing and the reasoning behind it, including the retention period. This area manages that conceptual data inside of Moodle.
Each of these types of data can be categorised into whatever taxonomy the data controllers use in their engagement with their users (data subjects).
It is also possible to define different purposes for each legal basis for which data is handled, and define how long it is retained for each purpose. Crucially, it is also possible to set that the request for deletion does not override this retention setting - as some data controllers may have perfectly valid legal basis for retaining the information for longer than the user requests (exam results, grades, transcripts etc). It is not uncommon for universities to retain some of this data indefinitely currently.
It is important to understand the difference between categories and purposes. The category is used to organize the data, e.g. for reporting, and does not describe the usage (legal reason and retention period) of the data. This is controlled by the purpose.
The Privacy Officer can set purposes (why the organisation is processing data) with retention periods and categories for data stored in Moodle in the data registry.
A default purpose and retention period may be set for course categories, courses, activity modules and blocks. The retention period is measured from the course end date for the course that an activity is in. For a user it is from the last login time for any user who is no longer enrolled (or has already been deleted).
- In 'Data registry' in the Site administration click the 'Set defaults' button.
- Select a default category and purpose for the site, and for users, course categories, courses, activity modules and blocks as required.
- Save changes.
The privacy categories and purposes need to be created before they can be set as defaults (see below). It is important to note that default data registry categories and purposes are only applied to all newly created instances of that type (a course for example). Any content that has been created before these defaults are set are not impacted.
Add or edit categories
Each Moodle site can have its own data registry categories, defined for the needs of that institution. To create or edit data registry categories:
- Go to 'Data registry' in the Site administration.
- In the Edit menu select Categories.
- On the 'Edit categories' page, click the + button to add a new category.
- Enter a category name and description then click the Save button.
Example data registry categories
- Administrative: Civil status, identity, identification data, images …
- Personal life (lifestyle, family situation, etc.)
- Economic and financial information (income, financial situation, tax situation, etc.)
- Connection data (IP address, logs, etc.)
- Educational Data (Assessed Coursework, exam scripts etc)
- Records of Education Attainment (Results of exams, assessments, qualifications awarded etc)
- Location data (travel, GPS data, GSM, etc.)
Add or edit purposes
Institutions may have different purposes for similar types of data, and therefore depending on their records retention policies they need to be able to correctly explain and manage the different data sets accordingly.
To add a new purpose on the Data Registry Page
- Click on Edit
- Select Purposes
- Click on the + button
- Enter a meaningful name of the purpose
- Explain what the purpose is under description
- Select one or more lawful basis for the processing of this data
- Select the basis for handling sensitive data if it is sensitive
- Define the retention period for data processed under this purpose
- Set whether this data is protected from erasure by the data subject or not.
- Save changes
Setting categories and purposes for existing contexts
The Data Registry interface is used for navigation the contexts of the site to set the category and purpose for them, and thus the data retention period for that context.
At the very least, the site admin should set the category and purpose at the site level. Once this is saved, all lower contexts will inherit from that level.
The admin can then choose to set different category and purposes for different levels of context, such as having a specific course with a longer or shorter retention period thus overriding the inherited values.