Upgraded Moodle 3.5 to Moodle 3.6.3 few days ago to test new GDPR compliance tools.
I'm trying to set a privacy rule in the data registry that will delete users that haven't login to the system for a long time (let's say 1 year). I set the privacy rule, manualy ran the cron but users don't appear on deletion list for deletion approvement. Further more, if I promise my users that I will be deleting their accounts after exact 1 year of inactivity, than I would have to check the deletion list every day to approve deleting (if they appeared on the list). Why don't we have option of deletion inactive users without approvement and to notice a user that the deletion is going to happen soon.
I also tried different approach - deleted a user in "old fashioned" way, hoping that it will be marked for real deletion and appear on deletion list for permanent deletion approvement but it didn't. Hence, I'm guessing there is no way to delete a user's data from the database except deleting it's record from the database mdl_user table and all realted records in all related tables and that would be really pain to do.
To explain the reason why I'm trying to achieve that… I'm writing a site policy that will inform every user for how long do we keep his personal data (his user account). So I want to adjust the policy to Moodle's features that I can use to manage data retention. Currently I have no idea how to delet users data after retention period, and according to GDPR, you can't keep the personal data forewer, especially if you don't have a reason for that.
Uh, oh, GDPR