How Moodle LMS Is Coping Up with GDPR? Get to Know

From May 25^th, every online business website that is into selling and serving European customers and businesses in other continents will have to comply with the General Data Protection Regulation. Though many companies are lagging behind in preparations, it is high time to adhere to the laws or get prepared for fines and penalties for improper data privacy management.

Moodle HQ soon began working on it and exploring various means that users and administrators of Moodle websites could prepare to deal with the new law. CEO of Moodle expressed that the work is going on to make sure that all the companies are compliant before the implementation of GDPR and in case of any issues, they will figure out how to sort the issue that include transfer of personal data, right to be forgotten, withdrawal of consent and etc.

---

While most European education organizations are aware of it and are making the essential changed in their process, there are organizations that will have to consider their exposure to the GDPR. Here are some questions that might help you:

1. Do you have candidates who enroll from EU or access your Moodle LMS from the EU?
2. Do you employ EU people or have staff living or travelling in the EU?
3. Do you run educational programs abroad where the users travel or live in the EU and access your LMS?
   

In any case, if you do any of the above, then GDPR is very important for you. Moodle has come up with some important plugins that will support the site administrators with compliance and help the users to have more control on the data.

---

The focus of Moodle plugins is:

1. The process of getting new visitors to your site
2. Tracking and reporting users consent or any 3^rd parties that may get user data from your site
3. Using privacy statement on the site that are visited by minors
4. Support the administrator or data protection offices with a subject access request.

At present Moodle LMS is working to release these plugins so that they can support Moodle 3.3 and 3.4 and it is also recommended that LMS website owners should upgrade their site and keep the codes current with the latest security patches. This will help to install the GDPR related plugins that Moodle has released.

---

What are the effects for breaching GDPR?

Learning organizations that don’t adhere to the GDRP rules may now be fined up to 4% of their total annual global turnover. The fines are tiered, which means that Moodle organization may be fined with 2% for not holding their data records in proper order or not notifying the authority and data subject about any kind of security breach that has happened. It is important to understand that the rules apply for both the controllers and also the processors, which means cloud sharing and storage will also not be exempted from the GDPR enforcement. The e-learning system data security practices should consider:

1. 1. Data collection and its usage for limited purpose
   2. Obtain consent from the customers and employees before data acquisition
   3. Instant data breach notifications to individuals
   4. Privacy by design
   5. Right of individuals that includes access rights, rectification rights, right to object or delete, right to data portability, right to be forgotten and right to restrict processing.

---

“In conclusion, it is very important for Moodle website owners to understand the value of data and offer complete security and control to thrive in the data based industry.”