Admin tools: Data privacy

Maintained by Picture of Moodle HQ Moodle HQ
Provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests.
73 sites
6 fans
The plugin makes use of API available only in Moodle 3.3.5, 3.4.2 and higher.

The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It is a first iteration of this feature and will continue to be updated and refined over the next few weeks.

This plugin provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:

  • Choice Activity Module
  • HTML Block
  • User Tours

Support for retrieving user information from the remaining core plugins will be added over the next few weeks. The plugin will also be further extended to include functionality for data erasure requests and the data registry to define a purpose and retention period for data stored in a Moodle site.

This plugin requires the latest minor release of Moodle (3.4.2, 3.3.5). It will be integrated in the Moodle 3.5 release in May 2018.


This plugin is part of set GDPR.


Screenshot #0
Screenshot #1


Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Jun Pataleta
    Thu, 5 Apr 2018, 10:14 PM
    Hi Ziyad,

    Please check out the folliowing steps to create and assign a user to the Data Protection Officer role:

    1. Log in as an admin
    2. Go to "Site administration / Users / Define roles"
    3. Create a Data Protection Officer role with the following settings:
    3.1 Short name: dpo
    3.2 Custom full name: Data Protection Officer
    3.3 Role archetype: None
    3.4 Context types where this role may be assigned: System
    3.4 Capabilities: "moodle/site:configview" (Allow), "tool/dataprivacy:managedatarequests" (Allow)
    4. Save changes.
    5. Go to "Site administration / Users / Permissions / Assign system roles"
    6. Assign at least one user to the DPO role.
    7. Save the changes.
    8. Go to "Site administration"
    9. Scroll down to the bottom of the "Site administration" tab
    10. Confirm that you see a "Data privacy" ("Privacy and policies" in newer versions soon) category
    11. Click "Data privacy settings" ("Privacy settings" in newer versions soon)
    12. Select the "Data Protection Officer" role for the "Data Protection Officer role mapping".
    13. Save changes.
  • Picture of Jun Pataleta
    Thu, 5 Apr 2018, 10:16 PM
    Hi David,

    You'll have to let cron run in order for the ad hoc task for preparing the data for review to be executed. Once it's done, you should see options that will let you act on the data request.
  • Picture of David Broomfield
    Mon, 9 Apr 2018, 3:17 PM
    Thanks for your quick replies. I had forgotten that the Cron on my dev server doesn't run automatically. Once I ran it, the option to complete the request came through. I then had to run it again in order for the data to become downloadable.
  • Picture of Sergio W
    Tue, 10 Apr 2018, 7:43 PM
    Hello, i have moodle 3.4 and can´t install the plugin.

    Validating tool_dataprivacy ... Error
    [Error] Required Moodle version [2017111302.00]
    Installation aborted due to validation failure

    Thank you

  • Picture of Nick Varney
    Tue, 10 Apr 2018, 9:27 PM
    in testing the data request export provided the user with just a set of .json files for each course. Is that correct?

    If so, is there advice on how these are to be read/used by the requester?
  • Picture of David Monllaó
    Tue, 10 Apr 2018, 9:41 PM
    Hi Sergi,

    The required version for 3.4 major branch is 3.4.2. Can you confirm that your version is equal or above that version?
  • Picture of Sergio W
    Wed, 11 Apr 2018, 12:29 AM
    Hello David,

    thanks for the response. My current version is Moodle 3.4.1+ . My fault...should read better smile

    Best regards
  • Picture of Justin Hunt
    Wed, 11 Apr 2018, 1:53 PM
    I am testing my plugins against this nice tool, and it seems like some things are missing. Perhaps its just early days .. but in addition to /export/delete I would expect a 'view' option, to be able to see what the data we had on a user. Also in the list of submitted requests, shouldn't there be a "user name" column?
  • Picture of Jake Dallimore
    Wed, 11 Apr 2018, 2:17 PM
    Hi Justin,

    The requirements for the plugin are largely centred around the rights of users; their right of access to their personal data, and their right to be forgotten. Whilst there is a requirement that organisations operating under GDPR must be able to produce registers, describing all personal data they capture, we didn't identify any such requirement allowing Data Protection Officers or Privacy Officers to view the actual personal data for a given user. This would most probably be considered a nice to have, but unfortunately given time constraints, we haven't planned to include this yet.
  • KuwaitBus
    Wed, 11 Apr 2018, 11:03 PM
    Ziyad I am also trying to assign a Data Protection officer with this plugin. By the looks of things, when a user requests to contact the Data Protection officer, the Site admin email account is put in by default.

    Following Jun's instructions sets up the Data Protection officer to receive a message whenever a user clicks "Contact Data Protection officer" in their profile and replaces the admin.

    However, this only works for the general enquiries at the moment. When a user submits a Delete or Export request, the Data Protection Officers don't receive any message. Hope this is added soon.
  • Picture of Nick Varney
    Mon, 16 Apr 2018, 3:57 PM
    Apologies in repeating my question but I need to know if I've configured the plugin correctly. Does this solely output .json files when exporting the data?
  • Picture of Wendy Hesta
    Tue, 17 Apr 2018, 2:06 AM
    Hi there, I have installed the plugin and followed the 13 steps above. Just I don't see any option to ask for a data request as a user. What am I doing wrong or missing?
  • Picture of Zig Tan
    Tue, 17 Apr 2018, 9:59 AM
    Hi Nick,

    Yes, when exporting user data the output data will be in JSON format and this is handled by the privacy\classes\local\request\moodle_content_writer.php class.

    The name of the exported data JSON file depends on the particular plugin's logic implemented in the export_user_data() function, but by default most plugin's export data will have the name 'data.json'.

    The data export of associated physical files is also supported in the same class.

    For this upcoming release, the exported user data and physical files will be organized in a logical folder structure that reflects the Moodle context hierarchy so it is intuitive for users to navigate and access their data.

    But we are also looking to add way to present the exported data with a easy-to-use user interface as well, for example, in a web browser.
  • Picture of Helen Foster
    Tue, 17 Apr 2018, 9:16 PM
    Hi Wendy,

    Users should be able to request data via a 'Data requests' link on their profile page. Please see the documentation for more details.

    You can also try things out on the Moodle GDPR sandbox demo site
  • Picture of Dinis Medeiros
    Wed, 18 Apr 2018, 3:53 AM
    String {dataprivacysettings/tool_dataprivacy} can't be translated. It isn't in lang file.
    Can you insert it? TIA
    I'm a PT translator
1 2
Please login to post comments