I appreciate the explanation. I will of course be speaking to our DPO soon, so no doubt they'd have something to add. I guess the bit I'm a bit fixated about is "what does it do in Moodle?"
As far as I can tell, the category is just a label and a description that is only seen by the DPO and has no function in code. i.e. The requestee doesn't see it, and it's not adding anything to the processing of requests within Moodle - as far as I can tell atm.
"Purpose" at least contributes a retention period and a setting to determine if this trumps a requestee's right to be forgotten. So it's not so much the legislation I'm concerned with as Moodle processing.
The category is not associated with any processing in Moodle.
I'm not a lawyer, but my understanding is that this category is part of the requirement that all user data should have an explanation as to why it is being processed, and the type of personal data and the categories of data subjects. The idea is that this registry forms part of a report to be displayed to the Data Protection Officer in an audit, to display compliance by the institution. This category is linked to the user data, but no further processing is done.
I would highly recommend seeking professional advice as to how this information should be filled in to make sure that you site is compliant.