The European Union’s General Data Protection Regulation, scheduled for implementation starting next May 25th, will affect all businesses and organizations that handle personal information from European citizens. It harmonizes legislation on the national level, sets rules regarding data uses as well as users’ rights, and sets penalties and fines for improper data privacy management on the part of organizations.
As moodle.com states, soon after the news, Moodle HQ began working and holding discussions exploring the best way users and administrators of affected Moodle sites could prepare to deal with the new body of law. Since the beginning, Moodle CEO Martin Dougiamas expressed Moodle HQ’s willingness to comply with GDPR and other data protection regulations and best practices for any Moodle user in a way that is as hassle-free as possible.
Some of the most important resulting products were:
- A “GDPR For Administrators” page at the Moodle Developers Documentation site.
- Issue “Collection of changes in Moodle that will assist in GDPR compliance” at the Moodle Tracker, ID MDL-59286.
- Issue “Create documentation for GDPR compliance for Moodle Administrators,” ID MDL-59617.
- The thread “EU General Data Protection Regulation (GDPR) compliance” at the Moodle Forum.
- A “Site policies” generation tool, with documentation to help understand each item.
As a follow-up, the post at moodle.com details some of the first practical outcomes for administrators. The developments are ongoing, so far focusing on user on-boarding, privacy statements, user consent, and request handling. Some of the “Moodle GDPR Plan” highlights are:
- GDPR compliance will be available through an unspecified number of plugins, probably one for onboarding and permission consent management and another for information request compliance.
- For the March enforcement date, the plugins will be available for Moodle 3.3 and 3.4. This means sites running Moodle 3.2 or earlier will not be able to comply with GDPR.
- Moodle 3.5 will provide GDPR compliance out-of-the box. It is a Long Term Support (LTS) version, which will give extended support and security fixes for up to three years.
While Moodle HQ will offer support for organizations interested in complying with GDPR, responsibility for correct plugin implementation and law acquiescence is entirely on the organization’s part. European Moodle Partners can provide GDPR compliance support.
This Moodle Practice related post is made possible by: eThink Education, a Certified Moodle Partner that provides a fully-managed Moodle experience including implementation, integration, cloud-hosting, and management services. To learn more about eThink, click here.