Add A Data Protection Officer To Handle Your Moodle’s GDPR Duties

1872
Add A Data Protection Officer To Handle Your Moodle’s GDPR Duties
“1' Regiment Chasseur à Cheval Officer Trompette.” by Vinkhuijzen, Hendrik Jacobus is licensed under CC0 1.0

MoodleNews ongoing GDPR coverage can be found here.

WIRIS

In the upcoming Moodle 3.5, a Data Protection Officer role will enjoy special permissions to deliver on protection assurance and data requests by users. The permissions this role has can be included on Moodle 3.4.2 by installing the Data Privacy plugin.

This role is not standard, like student, teacher, admin, or guest. Rather, it is a “custom role” which can be built from the new data protection permissions. The current state of the documentation recommends building the role from the “guest archetype” and then adding the full set of capabilities. There are three “data privacy” capabilities:

  • “Manage data registry”
  • “Manage data requests”
  • “Make data requests for children”

The documentation also gives instructions for adding five more permissions to the role that will give it access to all content, including items set as “hidden.”

This new role will open internal debates on Moodle sites affected by the upcoming GPDR in Europe. Who will be responsible for ensuring that your organization complies with users and, potentially, authorities? Organizations can take one out of three possible paths:

Hire or promote a Data Protection Officer. A person in a dedicated position could fulfill duties involving compliance, but extend into areas such as cybersecurity and due diligence. This is perhaps the ideal route, especially if the person is has professional experience in legal matters in Europe. However, this route may not fit the bill for smaller organizations.

Assign specific Data Protection duties to existing staff. If the team and the skill sets are already in place, it could the the most straightforward way to deal with GDPR. However, this poses the risk of underestimating the workload involved in compliance.

Outsource Data Protection Officer duties. This is uncharted territory and would depend on how feasible it is for an organization to let a third party handle what could be (very) sensitive information.

Read more: Data Protection Officer role at docs.moodle.org.

How do you plan to handle GDPR compliance? Share your plans with the community.


eThink LogoThis Moodle Practice related post is made possible by: eThink Education, a Certified Moodle Partner that provides a fully-managed Moodle experience including implementation, integration, cloud-hosting, and management services. To learn more about eThink, click here.