Following on from our last blog post on GDPR and Moodle, Moodle HQ have released their first iteration of plugins to assist Moodle administrators to ensure their Moodle site is compliant with GDPR.

The plugins come in two parts, a Policy plugin and a Data Privacy plugin.

Policy Plugin

The Policy plugin provides a number of new functionality including a new user sign-on process, with the ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.

Once the policies are set up – new users registering to the site, as well as existing users, are required to read and accept these. Acceptions are then tracked and any changes to the policy requires users to then re-accept these.

Furthermore, there is now the ability to prevent minors signing up without parental/guardian consent, providing a digital age of consent right at the start of the registration process.

There is also a single page where you can view each user that has (or has not) accepted the policies. Or whether a policy was agreed on behalf of that user (in the case of guardian/parent).


To enable this plugin once it is installed, you need to navigate to Site administration -> Privacy and policies -> Policy settings and set the “Site policy handler” to Policies (tool_policy).

Data Privacy Plugin

The Data Privacy plugin provides the workflow for users to submit subject access requests (SARs) and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:

  • Choice Activity Module
  • HTML Block
  • User Tours

Support for retrieving user information from the remaining core plugins will be added over the next few weeks. The plugin will also be further extended to include functionality for data erasure requests and the data registry to define a purpose and retention period for data stored in a Moodle site.


Those wanting to explore and use the new plugins will need to upgrade to either Moodle 3.4.2 or 3.3.5. All GDPR functionality will be integrated into the Moodle 3.5 release.

Moodle 3.4.2 and 3.3.5 include the first API changes required for the GDPR plugins and further updates will continue as more plugins and features are introduced.

📢 With the deadline aproaching, time is running out to ensure your Moodle site is up to date to support these features and be ready for GDPR compliance.

If you need help with upgrading your site or getting the plugins installed, get in touch with us at [email protected] or via our contact page.

About This Author

Dan Bennett

Dan has been working with Moodle since 2008, starting when Moodle was at version 1.9, having worked with customers from many backgrounds, supporting them with their Moodle sites when an issue arises – whilst also helping Moodle users in the Moodle Forums...