Moodle GDPR and PDPA Compliance
In our latest post, we discuss key points around Moodle GDPR and PDPA compliance. We’ve specifically chosen these two standards as they are strong regulations from the European Union and Malaysia respectively.
The General Data Protection Regulation (GDPR) is an EU regulation governing matters regarding data protection. It also tackles all issues regarding data privacy. All versions of Moodle obtain a lot of user data, and hence it’s crucial for this elearning platform to adhere and comply with the latest GDPR laws that have already been passed and the ones on the pipeline too.
GDPR has clear-cut guidelines on the following issues:
– How long a developer can keep user’s personal data
– Definition of data controllers
– Breach of data protection and the penalties involved
GDPR is a creation of the European Parliament, which adopted it in 2016. All organisations that receive personal data from clients must comply with the regulations of this piece of legislation. As is this case with all such laws, failure to comply will have serious consequences for the offenders. Under GDPR, consumer rights will receive a significant boost, especially on issues surrounding personal data.
Under GDPR, companies have to enhance security measures for their users in areas such as:
- IP addresses
- Cookie data
- Contact addresses
- Social Security number
Moodle and GDPR
Moodle’s compliance with GDPR is non-negotiable as (among other reasons) it is a legal requirement.
GDPR frequently undergoes improvements and changes. The latest changes came into force around May 25, 2018. Fortunately, Moodle and GDPR will not be in conflict. All the recent versions of Moodle, starting from Moodle 3.5, have introduced features that adhere to the new GDPR guidelines. Moodle has clients who store personal data of their users based in EU. Accordingly, these clients have to adhere to the new GDPR laws. Moodle has the resources and capabilities to help these clients become GDPR-compliant.
How is Moodle and GDPR compatible?
All the latest versions of Moodle have focused their changes on functionality. Under these changes, Moodle offers additional privacy information when users sign up. Besides that, the changes also allow for more extensive recording and logging of all user consents. The changes also enable users to request for and obtain a copy of their personal data and users could then ask for an erasure of all their personal data, whenever needed.
Moodle isn’t taking chances with users’ personal data as it understands how serious personal data is. Clients who use or rely on Moodle need further GDPR training to bring them up to speed with what the new regulations entail. Data protection is a crucial topic for research and discussion where elearning is concerned and hence the developers of Moodle have always placed emphasis on helping clients get a better understanding and comply with GDPR.
Moodle and PDPA
To ensure compliance with PDPA, organisations using Moodle in Malaysia should implement appropriate measures such as:
– Obtaining consent from individuals for the collection, processing, and sharing of their personal data within Moodle
– Limiting the collection, use, and disclosure of personal data to what is necessary
– Providing individuals with access to their personal data, and
– Ensuring secure deletion or destruction of personal data when it is no longer needed.
Therefore, it is the responsibility of the organisation using Moodle to ensure their use of Moodle is in compliance with PDPA and other applicable data protection laws. Moodle can be configured to help organisations meet these requirements, but ultimately compliance with PDPA is dependent on the actions of the organisation using the platform.
Pukunui’s use of Moodle is in line with the latest regulations of GDPR and PDPA. If you would like us to take away the mandatory requirement (and headache) of Moodle GDPR and PDPA compliance, get in touch with our staff.