Can Moodle be GDPR compliant when a user record isn't actually deleted from Moodle's database, when you delete an account via the Data Requests page? Only a flag is set to mark the account as deleted.
GDPR compliance & Moodle
Number of replies: 3Re: GDPR compliance & Moodle
Hi Bente,
Moodle versions that support GDPR/deletion requests do more than set a flag when a user requests deletion (assuming you run cron so that the deletion task is able to run on the user). There is some data retained, but this is kept for reasons such as auditing purposes (which is allowed under GDPR), for example as evidence that the user has in fact been deleted.
The deeper explanations of what/why data is retained are fairly lengthy (and may depend on which Moodle version you are using). If you have a look at one of my earlier forum replies to a similar question, I've linked to some resources that dive into this and can hopefully help clarify in more detail.
Ang: Re: GDPR compliance & Moodle
Hi Michael,
Thank you very much, it sure is complicated! And good to know that there is no problem here.
Kind regards
Bente
Re: Ang: Re: GDPR compliance & Moodle
Not a problem Bente, glad I could help to clarify!