Datenschutz: Unterschied zwischen den Versionen
Zeile 7: | Zeile 7: | ||
Nach der Installation des [[Datenschutz-Plugin]]s muss als erstes eine neue Rolle [[Datenschutzbeauftragter-Rolle|Datenschutzbeauftragter]] angelegt und zugewiesen werden. | Nach der Installation des [[Datenschutz-Plugin]]s muss als erstes eine neue Rolle [[Datenschutzbeauftragter-Rolle|Datenschutzbeauftragter]] angelegt und zugewiesen werden. | ||
== | ==Datenanfragen== | ||
[[File:requesting data.png|thumb|Requesting data]] | [[File:requesting data.png|thumb|Requesting data]] | ||
Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page. | Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page. |
Version vom 18. Juli 2018, 10:26 Uhr
Das Datenschutz-Plugin bietet Nutzer/innen einen Workflow zum Einreichen von Datenanfragen (Export persönlicher Daten oder Löschungsauftrag) und für den Administrator oder Datenschutzbeauftragten (DPO) einen zum Verarbeiten dieser Anfragen. Das Datenschutz-Plugin ist Bestandteil des Datenschutz-Features von Moodle und unterstützt Moodle-Anbieter bei der Einhaltung der DSGVO. Das Plugin ist ab Moodle 3.4.2 verfügbar und ab Moodle 3.5 im Standardpaket integriert (verfügbar ab Mai 2018).
Datenschutzbeauftragter-Rolle
Nach der Installation des Datenschutz-Plugins muss als erstes eine neue Rolle Datenschutzbeauftragter angelegt und zugewiesen werden.
Datenanfragen
Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page.
In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows:
- Go to your profile page (via the user menu).
- Click the link 'Data requests' then click the 'New request' button.
- Select 'Export all of my personal data' or 'Delete all of my personal data' as appropriate.
- Save changes.
The DPO will then receive a data request notification.
If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page.
If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.
Responding to data requests
The DPO can respond to data requests as follows:
- Go to 'Data requests' in the Site administration (or follow the link in the data request notification).
- In the Actions dropdown, select View, Approve, or Deny as appropriate.
Data registry
The DPO can set purposes (why the organisation is processing data) with retention periods and categories for data stored in Moodle in the data registry.
A default purpose and retention period may be set for course categories, courses, activity modules and blocks.
To add purposes and categories:
- Go to 'Data registry' in the Site administration.
- In the Edit menu select Categories.
- On the 'Edit categories' page, click the + button to add a new category.
- Enter a category name and description then click the Save button.
- Go to 'Data registry' again and in the Edit menu select Purposes.
- On the 'Edit purposes' page, click the + button to add a new purpose.
- Enter a purpose name, description and retention period then click the Save button.
To set default categories and purposes:
- In 'Data registry' in the Site administration click the 'Set defaults' button.
- Select a default category and purpose for the site, and for users, course categories, courses, activity modules and blocks as required.
- Save changes.