Security and privacy

GDPR plugins - Category & Purpose

Picture of Mark Sharp
Re: GDPR plugins - Category & Purpose
Core developersParticularly helpful MoodlersPlugin developers

Hi Gemma,

I appreciate the explanation. I will of course be speaking to our DPO soon, so no doubt they'd have something to add. I guess the bit I'm a bit fixated about is "what does it do in Moodle?"

As far as I can tell, the category is just a label and a description that is only seen by the DPO and has no function in code. i.e. The requestee doesn't see it, and it's not adding anything to the processing of requests within Moodle - as far as I can tell atm.

"Purpose" at least contributes a retention period and a setting to determine if this trumps a requestee's right to be forgotten. So it's not so much the legislation I'm concerned with as Moodle processing.



Average of ratings: -
Picture of Gemma Lesterhuis
Re: GDPR plugins - Category & Purpose
Particularly helpful MoodlersPlugin developersTesters

HI Mark,

I fully understand being fixed about "what does it do in Moodle". 

I have the same "issue".


Average of ratings: -
Picture of Adrian Greeve
Re: GDPR plugins - Category & Purpose
Core developersMoodle HQParticularly helpful MoodlersPlugin developersTesters

The category is not associated with any processing in Moodle. 

I'm not a lawyer, but my understanding is that this category is part of the requirement that all user data should have an explanation as to why it is being processed, and the type of personal data and the categories of data subjects. The idea is that this registry forms part of a report to be displayed to the Data Protection Officer in an audit, to display compliance by the institution. This category is linked to the user data, but no further processing is done.

I would highly recommend seeking professional advice as to how this information should be filled in to make sure that you site is compliant.

Average of ratings: -