Dear Stefan, you said you wanted to delete users after 1 year of inactivity and you already set this in the data registry. How exactly did you set this in the data registry? I tried to do the same but with no success. I selected User context on the left, created and selected new purpose with retention period of 1 year. Protected option not selected. I ran the cron but no users are shown on Data deletion page although I have several users that haven't login to the system for more than a year.
BTW, is there a way to delete the purpose? When experimenting on a test site, I created purpose in courses context and now I would like to remove it.
Also, is there a way to remove deletion requests or to cancel them?
tbh, i gave up on the data registry. as far as i'm concerned, it's just another unusable broken moodle feature.
i'm deleting the users manually with the plugin "delete user by mailing list" now. deleting manually now creates a GDPR delete request, and as of 3.6.2 deleting users this way actually works without breaking moodle or the cron job, even if it still leaves behind data like forum posts, which makes me wonder what the point of all of this is.
the only way I found to remove deletion requests is to directly delete them from the DB table.
This is just terrible. All that effort for development of GDPR compliance pluggins that actually don't work.
BTW, I use Moodle Moodle 3.6.3 (Build: 20190311) and can't permanently delete user in any way. Deleting the record from DB table mdl_user would break the database relations so it's not an option for me. After manually deleting a user using Moodle's standard admin interface, the user doesn't appear on deletion request list and his account stays in the database forever. So currently I'm out of options.
actually, I found the deletion request now, approved it, ran the cron but the user's record is still in the database and it's not even anonimized
wow, you are right - I just checked userids of already deleted users, and their name and e-mail address is still in the database... I highly doubt that this is GDPR compliant...
Together with the fact that not even Forum Posts are deleted, I'm starting to wonder what sense there is in using those GDPR plugins at all...
Andrew (or anyone competent/responsible for Moodle privacy/security) - could you please comment on this and clarify things?