Data protection reform
The data protection reform package includes the General Data Protection Regulation and the Data Protection Directive for the police and criminal justice sector. The Data Protection Directive guarantees an effective protection of the fundamental right to data protection. The right to know when one’s data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate to the data subject all high risk breaches as soon as possible so that users can take appropriate measures. Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules. With the Data Protection Reform: The right to data portability will make it easier for potential customers to transfer their personal data between service providers.
SMEs need not appoint a data protection officer unless their core activities require regular and systematic monitoring of the data subjects on a large scale or if they process special categories of personal data such as that revealing racial or ethnic origin or religious beliefs. With the current rules: France’s data protection laws would apply to the processing done by head office, but individual shops would still have to report to their national data protection authority, to confirm they were processing data in accordance with national laws in the country where they were located. With the Data Protection Reform: The data protection law across all 14 EU countries will be the same – one European Union – one law. The new data protection rules provide businesses with opportunities to remove the lack of trust that can affect people’s engagement with innovative uses of personal data. With the current rules: The data protection safeguards upon data controllers vary substantially from one Member State to another.
The Directive protects citizens’ fundamental right to data protection when data is used by criminal law enforcement authorities. The Commission will work together with the Member States and the data protection authorities – the future European Data Protection Board – to ensure a uniform application of the new rules.
All About the GDPR
While deregulation has been a stateside trend over the past decade, the 28 members of the European Union are gearing up for a massive increase in regulations around data privacy in the form of the General Data Protection Regulation – and this regulation will make a splash across the pond as well. The GDPR, set to go into effect on May 25, 2018, is the product of four years of debate and preparation – but its roots trace back more than two decades to the infancy of the internet, when the EU first began protecting data. The GDPR will replace a 1995 regulation that was put into place when Netscape ruled the web, well before data giants like Google and Amazon began to flex their marketing muscles. The EU is hoping to keep up with those data giants and those changes, ensuring its citizens can be confident in their privacy and security. Like its predecessor, the GDPR is built on the premise that private information actually is, or should be, private and that individuals have rights surrounding this data.
Even though it’s come a long way from its analog origins, one can argue that it is hardly a comprehensive way to manage data privacy. If it’s your personal data, it’s protected under the new regulation. Marketing in the digital age is all about data, so yes, the GDPR will complicate the job of marketers and can potentially jeopardize your business if you’re not careful. Es or any other EU nation suffix – or if you start accepting euros or pounds sterling or Danish Krones, the GDPR will likely apply to the data involved in those sites and transactions. Marketers need to be aware that the data they collect must have been acquired with consent, and it must be relevant to a specific purpose.
To maintain GDPR compliance, marketing databases will need constant scrubbing and/or additional consent – a wake-up call for marketers who have been building large, all-encompassing lists based on any and all contact data. Regardless of a little extra work, the raison d’être of the GDPR remains solid: A thriving economy in this new digital, data-driven world requires participants who are confident of their privacy – who feel their personal data belongs to them and trust the businesses they interact with.
Moodle’s GDPR approach and plan
Here we outline Moodle’s approach and plan for the implementation of support for the EU General Data Protection Regulation. Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers. During the summer we put together an initial plan on what developments are needed to enable organisations using Moodle to comply with GDPR and then sought more feedback. We have also engaged a specialist lawyer from Europe on a consultancy basis who has a strong background in data protection and data privacy to examine the specifications and make recommendations on where they can be improved to better enable organisations to be GDPR compliant.
We now have a plan to meet those needs and are scheduling the development within our Open Source team under the lead of Sander Bangma, our new Open Source coordinator. The Plan: We have a set of features now in development which will meet those compliance needs covering the following areas: onboarding of new users, privacy statements, the tracking of consent and handling of subject access requests. A request to erase all identifiable user data on Moodle. We will be releasing these plugins, scheduled for March 2018, which will enable those using Moodle 3.3 and 3.4 to become compliant with the new regulations by installing and configuring the plugins in addition to implementing the required organisational procedures and processes. These features will then become part of Moodle 3.5 release which is a Long Term Supported version of Moodle.
In March 2018 Moodle released the first iteration of its GDPR feature set in the form of the two plugins. These continue to be updated as we work towards the Moodle 3.5 release on May 14th. The final GDPR feature set will be available as downloadable plugins for Moodle 3.3 and 3.4 and will also form part of the Moodle 3.5 release itself. Installing the plugins alone is not going to be enough to meet the GDPR requirements.