Compatible with Moodle 3.5 and plugin 2.5.2 and later
The GDPR is managed in Moodle version 3.5 and later.
The GDPR in Moodle
Following the General Data Protection Regulation, which came into force on May 25, 2018, Moodle has come into compliance by developing a system that allows a user to make various requests related to their personal data directly from their profile. A Moodle user can:
- see all their personal data
- export all their personal data
- delete their account
- view the history of their requests
These requests are centralised and managed by a user-administrator who has the role of DPO (Data Protection Officer). The DPO is notified about each new request, which they must approve or reject.
In the case of a deletion request, the user and all their personal data are deleted from the database, and their messages on forums are replaced by "The content of this message has been deleted".
In the case of an export request, a .zip file is sent to the user, containing a web page that shows all their personal data.
For various settings, check out the video made by Moodle by clicking here.
The GDPR applies by extension to all Moodle plugins.
The DPO has the ability to see what data is stored for each of the Moodle plugins (provided they have incorporated the principles of the GDPR). The DPO can find this information on the page "Site Administration / Users / Data Protection and Policies / Personal data registry for plugins".
The GDPR in Moodle’s Compilatio plugin
From a functional perspective, with the integration of the GDPR into Moodle’s Compilatio plugin, nothing has changed for end users (whether students, teachers or administrators). The only difference is that additional information and actions are visible and available for certain users.
As the DPO
- The DPO can view all data stored by the Compilatio plugin on the page "Site Administration / Users / Data Protection and Policies / Personal data registry for plugins", section "Plagiarism plugin" then "Compilatio - Compilatio plagiarism plugin".
- The DPO must ensure that the Compilatio plugin's configuration regarding the ownership of documents submitted by students is consistent with the school's policy.
Indeed, if an institution stipulates that students' homework belongs to the school, it is necessary to block users' deletion requests, and vice versa.
As a user (teacher, student, etc.)
The user can access their data by making a request from their profile in the "Data protection and Policies" section.
For a data export request, the data retrieved by the Compilatio plugin in Moodle is visible in the context (assignment, workshop or discussion) where it was collected.
For a deletion request (if the documents belong to the user), the data saved in the Moodle Compilatio database and in the Compilatio database are deleted.
Similarly, when the period for retaining a context has expired and the DPO carries out the deletion, all data for all users in that specific context is detected.