For a Moodle plugin developer, this means ensuring your plugin handles user data in accordance with this regulation. A plugin needs to be able to provide the data it stores for an individual user to that user upon request, and it needs to be able to remove a specific user's data if requested. Fortunately, Moodle has provided an API for plugin developers to do all of the heavy lifting for plugins. In this article, I will begin to learn about this API and implement it in a plugin, with the goal of making my questionnaire plugin GDPR compliant.
A great place to start is this video that Moodle HQ put together, featuring the core developer Andrew Nicols explaining how to go about implementing this API. There is also the main Privacy API documentation and the Subject Access Request FAQ.
To begin, I'll create a new branch for this work based on the 3.5 stable branch called M35_PRIVACY_API. My work for this will be tested on a Moodle 3.5 site.
First step is to determine if the plugin actually contains personal data. The privacy API defines what it considers to be personal data in the documentation. I think the following paragraph pretty much indicates that the questionnaire has personal data about each user that completes one:
The most obvious clue to finding personal data entered by the user is the presence of a userid on a database field. Any data on the record (or linked records) pertaining to that user may be deemed personal data for that user, including things like timestamps and record identification numbers. Additionally, any free text field which allows the user to enter information must also be considered to be the personal data of that user.The questionnaire stores a user's response to all of its questions with a timestamp and the specific answers. This data is definitely personal data.
The documentation indicates that my plugin must implement a relevant metadata and request provider. To do this, I must create a class in the namespace mod_questionnaire\privacy in a file named mod/questionnaire/classes/privacy/provider.php. And, since my plugin does store personal data, the provider class must implement the \core_privacy\local\metadata\provider interface. In order for it to export and delete user data it must also implement a request provider. For an activity plugin, I should implement \core_privacy\local\request\plugin\provider for the request provider.
Note that there are other request providers your plugin might need, depending on whether they use other Moodle systems. The documentation talks about subsystems like ratings and tags, user preferences, and subplugins. Each of these has a different request provider interface that should be implemented. David Mudrack pointed out a document that listed these interfaces which helps.To be complete, my new class must implement the get_metadata, get_contexts_for_userid, export_user_data, delete_data_for_all_users_in_context, and the delete_data_for_user functions.
So, that becomes my first step. I create the mod/questionnaire/classes/privacy/provider.php file as follows:
<?phpThis gives me the basic skeleton to work from.
namespace mod_questionnaire\privacy;
defined('MOODLE_INTERNAL') || die();
class provider implements
\core_privacy\local\metadata\provider,
\core_privacy\local\request\plugin\provider {
public static function get_metadata(\core_privacy\local\metadata\collection $collection):
\core_privacy\local\metadata\collection {
return $collection;
}
public static function get_contexts_for_userid(int $userid): \core_privacy\local\request\contextlist {
$contextlist = new \core_privacy\local\request\contextlist();
return $contextlist;
}
public static function export_user_data(\core_privacy\local\request\approved_contextlist $contextlist) {}
public static function delete_data_for_all_users_in_context(\context $context) {}
public static function delete_data_for_user(\core_privacy\local\request\approved_contextlist $contextlist) {}
}
At this point, I can verify if the plugin API is seen by the Moodle site. To do this, I copy the new work into my development site's plugin directory. I can then go to the "Plugin privacy registry" page of the site, to see if my plugin shows up. This page is in the "Site administration / Users / Privacy and policies" section. On this page, I can open the "Activity module" section and scroll down until I see my questionnaire plugin. If it doesn't have a non-compliant icon next to it, then I have succeeded in making the API visible to Moodle. When I look, I see that I am moving in the right direction. The image below shows my plugin, and another plugin that does not have the API defined yet (on my site anyway).
In part 2, I'll begin adding the code to complete this work.
From your article, I get helped to complete my assignment. Moreover, you can avail our cost-effective Siding Installation Services in Sacramento CA to augment the level of protection for the house.
ReplyDeleteVery well explanation. I've read your all rest parts. Was interesting experience.
ReplyDeleteProfessional Buying Agents in Wilmington DE, experts will help to buy property in Wilmington.
ayvalık transfer
ReplyDeleteçeşme transfer
urla transfer
akbük transfer
davutlar transfer
3MS7
https://saglamproxy.com
ReplyDeletemetin2 proxy
proxy satın al
knight online proxy
mobil proxy satın al
737S