Further to the announcement of the minor release earlier today, we have now published the first iteration of the GDPR plugins on the plugin database. The plugins will continue to be updated and refined over the next few weeks.
The Policy plugin provides a new user sign on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.
The Data Privacy plugin provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:
- Choice Activity Module
- HTML Block
- User Tours
Support for retrieving user information from the remaining core plugins will be added over the next few weeks. The plugin will also be further extended to include functionality for data erasure requests and the data registry to define a purpose and retention period for data stored in a Moodle site.
Moodle 3.4.2 and 3.3.5 include the following core API changes that are required to support the GDPR plugins:
- An age and location check to identify minors
- The API to request personal data from all plugins
- Implementation of the API for a subset of Moodle core plugins so far
Those wanting to explore and use the new plugins should therefore upgrade to either Moodle 3.4.2 or 3.3.5. All GDPR functionality will be integrated in the Moodle 3.5 release.