Did anyone think that GDPR-compliance was really about sending a few (albeit cute) emails and calling it a day?
For learning organizations with students or users who are European residents, the potential burden of the European Union General Data Protection Regulation, which became enforceable just last week, will not materialize right away. For this reason, it is important to be cautious. This is especially true for organizations just big enough to be subject to the Regulation (above 250 employees) but still lacking the resources for wide-reaching programs and legal counsel, let alone a full-time DPO.
This means that in some cases, I would bet most of them, employees must take matters into their own hands. Simple tools can help companies deal with the law and, above all, stay ahead of the game and save lots of headaches along the way.
People in charge at organizations that use Moodle as their sole or main repository can immediately take advantage of the new features Moodle 3.5 is offering. They will also benefit from the user-first mentality through which Moodle HQ is leading development efforts this year. Of course, an interface is only as pretty as the use it gets. Here are some ways to kickstart your Moodle-based GDPR defense force:
- This one might strike you as obvious: Promote a culture of compliance, starting from the top. Yes, that means making a point of reading your site policies and making them readable for users. The Moodle Policies plugin makes it easier to manage versions and ensure everyone reads and agrees to them.
- Treat data as a limited resource, whose use must be vetted and traced as best as possible. Moodle’s Data Privacy plugin can help visualize the life cycle of personal data on the site.
- There are still a lot of doubts and details GDPR is not clear on, and there is a fair chance that the regulation will be amended over the years. Set up regular reviews, ideally with deadlines for personal data storage. The same Data Privacy plugin allows sites to add expiration dates to data to prevent loose ends.
As with many of the threats involving the protection of information in the digital world, the problem might look like sand constantly leaking through a sieve. But while the technology will always be a target, investing in people-first compliance is always a good first line of defense.
This Moodle Practice related post is made possible by: eThink Education, a Certified Moodle Partner that provides a fully-managed Moodle experience including implementation, integration, cloud-hosting, and management services.