Security and privacy

GDPR - How does retention period work?

 
Picture of Howard Miller
GDPR - How does retention period work?
Core developersDocumentation writersParticularly helpful MoodlersPlugin developers

I'm not sure I fully understand this purposes stuff, however...

Where is the retention period measured *from*?

If, for example, I set this for a course. Does it get deleted n years after it was created, the end data, last time it was updated, something else?

If, for example, I set this for a user. Do they get deleted n years after their account was created, last logged in, something else?

And so on.... it matters wink


AND...

Other than the retention period. What does the data registry actually *do*. Who sees the results of my efforts filling it in? 

 
Average of ratings: -
Picture of Andrew Nicols
Re: GDPR - How does retention period work?
Core developersMoodle HQParticularly helpful MoodlersPlugin developersTesters

Hi Howard,

The retention period is currently measured from the course end date for the course that an activity is in. For a user it is from the last login time for any user who is no longer enrolled (or has already been deleted).

It would be too dangerous to delete from point of creation.

The data registry's current primary focus is to set the purpose and category of data (and thus the legal bases and retention period). We are looking to provide a read-only report of this data to users  See MDL-62551, MDL-62556, and MDL-62557 for more information on the areas we're looking to expand this into.

Thanks,

Andrew

 
Average of ratings: Useful (4)
Picture of Howard Miller
Re: GDPR - How does retention period work?
Core developersDocumentation writersParticularly helpful MoodlersPlugin developers

That's great - thanks for the info.


 
Average of ratings: -