How Moodle 3.5 And Under Handle GDPR Compliance

0
611

The first thing European Moodle site admins might want to do as soon as their just-updated version of Moodle is set up, is heading to the new “Privacy and policies” section of the administration options, “Policy settings” options. With GPDR underway, two new functions, involving management of policies and agreements, respectively, can be activated and will help manage permissions given by users after each new policy change, and keep track of how personal data is used in case such information is requested by the user.

The “Site security settings” option (formerly appearing as “Site policies”) offers several tools regarding the use of data and their expiration date on a site. A “Data registry” dashboard will let admins categorize data and include purposes and site retention periods. Soon-to-be-expired data will eventually show on the dashboard for the admin to confirm their deletion.

“Privacy settings” is another section that comes with a few new features: region-dependent age checks, readily available Data Protection Officer contact info among others.

A registry page for Moodle plugins will show a list indicating their compliance status. Presumably, all plugins that request access to user info and have not implemented the Privacy API will show a warning, and will likely face deletion.

On the regular user side of things, new options on their profile page allows them to request information about their data, including their removal, and the data itself. The Data Protection Officer will be notified to handle the request, which they can do on a new “Data requests” dashboard.

These and more settings are available in Moodle 3.5. They can be added in Moodle 3.4.3 and 3.3.6 and beyond by installing the Data privacy and the Policies plugins.

It is important to point out that these tools are designed to help admins and organizations prepare and implement their privacy strategies. Upgrading Moodle alone does not guarantee GDPR compliance.

Watch “GDPR compliance features in Moodle 3.5” on YouTube.

More answers to “GDPR 3.5 FAQ” at docs.moodle.org.■


eThink LogoThis Moodle Practice related post is made possible by: eThink Education, a Certified Moodle Partner that provides a fully-managed Moodle experience including implementation, integration, cloud-hosting, and management services. To learn more about eThink, click here.