GDPR and Moodle: Plugins Released!
Following on from our last blog post on GDPR and Moodle, Moodle HQ have released their first iteration of plugins to assist Moodle administrators to ensure their Moodle site is compliant with GDPR.
The plugins come in two parts, a Policy plugin and a Data Privacy plugin.
The Policy plugin provides a number of new functionality including a new user sign-on process, with the ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.
Once the policies are set up – new users registering to the site, as well as existing users, are required to read and accept these. Acceptions are then tracked and any changes to the policy requires users to then re-accept these.
Furthermore, there is now the ability to prevent minors signing up without parental/guardian consent, providing a digital age of consent right at the start of the registration process.
There is also a single page where you can view each user that has (or has not) accepted the policies. Or whether a policy was agreed on behalf of that user (in the case of guardian/parent).
To enable this plugin once it is installed, you need to navigate to Site administration -> Privacy and policies -> Policy settings and set the “Site policy handler” to Policies (tool_policy).
Data Privacy Plugin
The Data Privacy plugin provides the workflow for users to submit subject access requests (SARs) and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:
- Choice Activity Module
- HTML Block
- User Tours
Support for retrieving user information from the remaining core plugins will be added over the next few weeks. The plugin will also be further extended to include functionality for data erasure requests and the data registry to define a purpose and retention period for data stored in a Moodle site.
Those wanting to explore and use the new plugins will need to upgrade to either Moodle 3.4.2 or 3.3.5. All GDPR functionality will be integrated into the Moodle 3.5 release.
Moodle 3.4.2 and 3.3.5 include the first API changes required for the GDPR plugins and further updates will continue as more plugins and features are introduced.