MDL-61899: Include tool_dataprivacy in core

    Details

    • Testing Instructions:
      General comments

      • Keep your JS console open while running this test.
      • You should test this using both boost and clean themes

      Pre-requisites

      An Outgoing email server. Alternatively, you can use Mailcatcher as described below:

        1. Open your terminal
        2. Install Mailcatcher: gem install mailcatcher
        3. Run mailcatcher: mailcatcher
        4. Open your browser and go to http://localhost:1080
        5. Edit your moodle instance's config.php and add the following line:

              $CFG->smtphosts = 'localhost:1025';
          

      Data Protection Officer (DPO) role creation

      1. Login as an admin
      2. Go to "Site administration / Users / Define roles"
      3. Create a Data Protection Officer role with the following settings:
        • Short name: dpo
        • Custom full name: Data Protection Officer
        • Role archetype: Guest
        • Context types where this role may be assigned: System
        • Capability "moodle/site:configview" (Allow)
        • Capability "tool/dataprivacy:managedatarequests" (Allow)
        • Capability "tool/dataprivacy:managedataregistry" (Allow)
        • Capability "moodle/category:viewhiddencategories" (Allow)
        • Capability "moodle/course:viewhiddencourses" (Allow)
        • Capability "moodle/course:view" (Allow)
        • Capability "moodle/course:viewhiddenactivities" (Allow)
        • Capability "tool/dataprivacy:makedatarequestsforchildren" (Allow)
      4. Save changes.
        • Confirm that the role is successfully created.
      5. Go to "Site administration / Users / Permissions / Assign system roles"
      6. Assign at least one user to the DPO role.
      7. Save the changes.

      Site courses and users

      1. Create a course C1 with some activities in it.
      2. Set its course end date to last year (the date is not important)
      3. Create another course C2
      4. Set its course end date to last year (the date is not important)
      5. Create another course C3 with some activities in it but don't set any course end date.
      6. Create another course C4 with no activities
      7. Set its course end date to a date in the future
      8. Create a user newuser, go to the database and edit its mdl_user->lastaccess field, set it to 111

      Test

      Settings
      1. Go to "Site administration"
      2. Scroll down to the bottom of the "Site administration" tab
        • Confirm that you see a "Privacy settings" under "Privacy and policy" category
      3. Click "Privacy settings"
        • Confirm that the "Contact Data Protection Office" setting is NOT ticked by default.
      4. Tick the "Contact Data Protection Office" setting to enable it.
      5. Check the "Data Protection Officer role mapping" setting.
        • Confirm that it only contains the Data Protection Officer role that you created earlier.
      6. Select the "Data Protection Officer" role for the "Data Protection Officer role mapping".
      7. Save changes.
      Contacting a Data Protection Officer (DPO)
      1. Login as a user
      2. Go to your profile page.
        • Confirm that there is a "Privacy" section on your profile page.
        • Confirm that you see the following links:
          • Contact Data Protection Officer
          • Data requests
      3. Click on the "Contact Data Protection Officer" link.
        • Confirm that a dialogue comes up that contains:
          • The "Reply to" field containing your email address.
          • A message text area where you can enter your message for the DPO.
      4. Without entering anything into the Message field, click "Send"
        • Confirm that you get an error message indicating that the field is required.
      5. Enter some message and click "Send"
        • Confirm that the dialogue is closed.
      6. Go to the Mailcatcher browser window.
        • Confirm that you see an email to the DPO about the message that you sent.
      7. Login as the user that you assigned as the site DPO.
      8. Check your notification.
        • Confirm that you get a "General inquiry" notification about the user's message through Moodle.
      9. Click on the notification.
        • Confirm that you are redirected to the "Data requests" page.
      10. Check the contents of the "Data requests" page.
        • Confirm that you see an entry referring to the message that the user sent you.
      11. Click on the "Actions" menu of the message.
      12. Click "View the request"
        • Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself.
      Data request: Export
      1. Log in as a user
      2. Go to your profile page.
      3. Click on "Data requests"
      4. Click on "New request"
        • Confirm that you are redirected to the "Contact Data Protection Officer" form.
      5. Select "Export all of my personal data" for the Type field
      6. Enter a message "Export request 1"
      7. Click "Save changes"
        • Confirm that you are redirected back to the "Data requests" page.
        • Confirm that you get a notification that your request has been submitted to the site's DPO.
        • Confirm that you see your request on the data requests table and that its status is currently "Pending"
      8. Click again on the "New request" button and try to create another data export request.
      9. Save the changes.
        • Confirm that you get an error that you already have an ongoing request.
      10. Go back to the data requests page.
      11. Click on the "Actions" menu of your data export request.
      12. Click "Cancel request"
        • Confirm that you see a confirmation dialogue about the cancellation of your request.
      13. Confirm the request cancellation.
        • Confirm that your request's status is now shown as "Cancelled"
      14. Repeat the above steps to create another data export request but don't cancel it this time and with a comment "Export request 2"
      15. Open a terminal.
      16. Go to the root directory of your moodle instance.
      17. Execute CRON

        php admin/cli/cron.php
        

        • Confirm that the CRON script completes successfully and that you don't encounter any errors.
      18. Go to the Mailcatcher browser window.
        • Confirm that you see two more emails to the DPO about the data requests that the user sent.
      19. Log in as the DPO.
      20. Check your notifications.
        • Confirm that you get only one notification about the user's export data request. (The DPO should no longer receive an email about the cancelled one)
      21. Click on one of the notifications.
        • Confirm that you are redirected to the "Data requests" page.
      22. Check the contents of the "Data requests" page.
        • Confirm that you see two entries referring to the data export requests that the user sent you.
        • Confirm that the cancelled request is shown with the status "Cancelled".
        • Confirm that the other request is shown with the status "Awaiting approval".
      23. Click on the "Actions" menu of the cancelled request.
        • Confirm that you only see "View the request"
      24. Click "View the request"
        • Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself.
        • Confirm that there are no buttons in the footer of the modal and you can close the modal by clicking on the modal's close button on the top right part of the modal header.
      25. Click on the "Actions" menu of the request that is awaiting approval.
        • Confirm that you see the options "View the request", "Approve request", and "Deny request".
      26. Click "View the request"
        • Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself.
        • Confirm that you also see the "Approve" and "Deny" buttons in the dialogue.
      27. Click "Approve".
        • Confirm that you see a confirmation dialogue regarding the approval.
      28. Confirm the approval.
      29. Confirm that the request's status is now shown as "Approved"
      30. Back to your terminal, run CRON again.
        • Confirm that the CRON runs successfully.
      31. Go to the Mailcatcher browser window.
        • Confirm that you see an email to the requesting user that tells them that their data is now ready for download.
      32. Log in as the user who made the data export request.
      33. Confirm that you get a notification that tells you that your data is now ready for download.
      34. Click on the notification to go to the data requests page.
      35. On the Data requests page, check your data request.
        • Confirm that its status is now set to "Complete"
      36. Open the actions menu of the request.
        • Confirm that you see a "Download" action link and a file is downloaded
        • Confirm that you can open the file and it contains files with contents (no need to check the contents, just that something is generated)
      37. Repeat the data export request creation. This time though, as DPO, deny the request.
        • Confirm that the status of the request becomes "Rejected"
      Data request: Deletion
      1. Log in as a user
      2. Go to your profile page.
      3. Click on "Data requests"
      4. Click on "New request"
        • Confirm that you are redirected to the "Contact Data Protection Officer" form.
      5. Select "Delete all of my personal data" for the Type field
      6. Enter a message (optional)
      7. Click "Save changes"
        • Confirm that you are redirected back to the "Data requests" page.
        • Confirm that you get a notification that your request has been submitted to the site's DPO.
        • Confirm that you see your request on the data requests table and that its status is currently "Pending"
      8. Click again on the "New request" button and try to create another data deletion request.
      9. Save the changes.
        • Confirm that you get an error that you already have an ongoing request.
      10. Open a terminal.
      11. Go to the root directory of your moodle instance.
      12. Execute CRON

        php admin/cli/cron.php
        

        • Confirm that the CRON script completes successfully and that you don't encounter any errors.
      13. Go to the Mailcatcher browser window.
        • Confirm that you see an email to the DPO about the data deletion request that the user sent.
      14. Log in as the DPO.
      15. Check your notifications.
        • Confirm that you get a notification about the user's data deletion request.
      16. Click on one of the notifications.
        • Confirm that you are redirected to the "Data requests" page.
      17. Check the contents of the "Data requests" page.
        • Confirm that you see the entry referring to the data deletion request that the user sent you.
        • Confirm that the data deletion request is shown with the status "Awaiting approval".
      18. Click on the "Actions" menu of the request that is awaiting approval.
        • Confirm that you see the options "View the request", "Approve request", and "Deny request".
      19. Click "View the request"
        • Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself.
        • Confirm that you also see the "Approve" and "Deny" buttons in the dialogue.
      20. Click "Approve".
        • Confirm that you see a confirmation dialogue regarding the approval.
      21. Confirm the approval.
      22. Confirm that the request's status is now shown as "Approved"
      23. Back to your terminal, run CRON again.
        • Confirm that the CRON runs successfully.
      24. Go to the Mailcatcher browser window.
        • Confirm that you see an email to the requesting user that tells them that their data has now been deleted and they would no longer be able to log into the site.
      25. Try to log in again as the user that made the deletion request. You SHOULD NOT be able to, as the account was deleted.
      Creating data requests for other users.
      1. As a DPO, confirm that when you click on "New request" you will be able to create data requests on behalf of other users.
      2. Log in as an admin.
      3. Create a Parent role, but also give it the "tool/dataprivacy:makedatarequestsforchildren" capability.
      4. Assign a user p1 as a parent of a student s1.
      5. Login as p1 and go to the Data requests page.
      6. Click "New request"
        • Confirm that you can create a data request for s1.
      Data registry.
      1. Log in as the user with dpo role
      2. Go to "Site admin > Privacy and policies > Data registry"
      3. You should see a tree with "Site" as the active node and, on the right-hand side, a form (with a "Site" heading)
      4. This tree represents a hierarchy of your site elements
      5. Feel free to:
        1. Navigate through it
        2. Create purposes and categories (try to save without filling the required fields, to cancel the form...)
        3. Save context instances' purposes and categories and edit them, checking that the values are properly saved
      6. Define a category "Cat1" and a purpose "Pur1" with retention period set to 1 day
      7. Define another purpose "Pur2" and set its retention period to 3 years
      8. Define another purpose "Pur3" and set its retention period to 5 years
      9. Assign "Cat1" and "Pur1" to "Site" data registry node
      10. Go to "Set defaults" and set "Pur2" to context course and "Pur3" to context module
      11. Log in as admin
      12. Go to "Site admin > Courses > Manage courses and categories"
      13. Create a new course within a new category (hanging from root) and an activity new module
      14. Log back in as dpo
      15. Return to the context tree in "Site admin > Privacy and policies > Data registry"
      16. Check that:
        1. new category purpose is "Not set" with a retention period of 1 day (from the site default purpose)
        2. Once you press "Courses" below new category node the category courses are loaded
        3. new course purpose is "Not set" with a retention period of 3 years (from the course context level default purpose)
        4. Once you press "Activities and resources" below new course node the course activities are loaded
        5. new module purpose is "Not set" with a retention period of 5 years (from the module context level default purpose)
      17. Change new module purpose to "Pur2" and press "Save changes". Confirm that the value has been saved by moving to another tree node and returning back to the new module. "Pur2" should be selected and "3 years" should appear as its "Retention period"
      18. Change C2 course purpose to "Pur2"
      19. Set C1 purpose to "Pur1" and all C1 activities and blocks to "Pur1" as well (note that you may not have blocks)
      20. Now go to "Edit > Categories"
      21. Check that you don't have the "Delete" option for categories that are assigned to contexts or to defaults
      22. Create a new category and delete it afterwards
      23. Press "Back" button and now go to "Edit > Purposes"
      24. Check that you don't have the "Delete" option for purposes that are assigned to contexts or to defaults
      25. Create a new purpose and delete it afterwards
      Expired contexts listing
      1. Go to "Site administration / Server / Scheduled tasks".
      2. Run the "Expired retention period" scheduled task.
      3. Go to "Site administration / Privacy and policies / Data deletion"
      4. Confirm that the filter is initially set to "Course"
      5. Confirm that you see C1 in the list under the Course filter criterion.
      6. Confirm that you CAN NOT see C2 (retention period 3 years) nor new course in the list under the Course filter criterion.
      7. Hover over the info icon under the Name column.
      8. Confirm that you see the full context path.
      9. Hover over the info icon under the Info column.
      10. Confirm that you see the child contexts of the context.
      11. Change the filter to "Activities and resources"
      12. Confirm that you can see the activities in C1
      13. Click on the Select all checkbox.
      14. Confirm that it selects/deselects the items on the list.
      15. Select one or more course module contexts.
      16. Click "Delete selected"
      17. Confirm that you see a confirmation dialogue.
      18. Confirm the deletion of the contexts.
      19. Confirm that the contexts that you approved for deletion are now removed from the list.
      20. Change the filter to "Blocks" and mark for deletion any C1 blocks (note that you may have none)
      21. Change the filter to "Course".
      22. Approve C1 for deletion.
      23. Confirm that C1 is removed from the list.
      24. Change the filter back to "Activities and resources"
      25. Confirm that the contexts under C1 are now also gone from the list.
      26. Change the filter to "User"
      27. Approve newuser for deletion (select + "Delete selected" + confirm it).
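
An added example (a stand-alone Python model, not code from Moodle or tool_dataprivacy) of why the "Data registry" and "Expired contexts listing" steps expect C1, its activities and newuser to be listed as expired, but not C2 or the new course. It assumes a purpose resolves as explicit assignment, then context-level default, then the parent's purpose; that a context is expired when its reference time plus the retention period is in the past; and that a context with no reference time never expires. The `Context` class and all function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

DAY = timedelta(days=1)
YEAR = timedelta(days=365)

# Purposes and retention periods defined in the "Data registry" steps.
PURPOSES = {"Pur1": 1 * DAY, "Pur2": 3 * YEAR, "Pur3": 5 * YEAR}
# "Set defaults" step: Pur2 for the course level, Pur3 for the module level.
LEVEL_DEFAULTS = {"course": "Pur2", "module": "Pur3"}


@dataclass
class Context:  # hypothetical model class, not a Moodle class
    name: str
    level: str  # "site", "category", "course", "module" or "user"
    parent: Optional["Context"] = None
    purpose: Optional[str] = None  # explicit assignment; None shows as "Not set"
    reference: Optional[datetime] = None  # course end date or user last access


def effective_purpose(ctx):
    """Assumed order: explicit purpose, then level default, then the parent's."""
    if ctx.purpose is not None:
        return ctx.purpose
    if ctx.level in LEVEL_DEFAULTS:
        return LEVEL_DEFAULTS[ctx.level]
    return effective_purpose(ctx.parent) if ctx.parent is not None else None


def retention(ctx):
    """Retention period of the effective purpose, or None if nothing applies."""
    purpose = effective_purpose(ctx)
    return PURPOSES[purpose] if purpose is not None else None


def reference_time(ctx):
    """Nearest reference time walking up the tree (a module uses its course's)."""
    while ctx is not None:
        if ctx.reference is not None:
            return ctx.reference
        ctx = ctx.parent
    return None


def is_expired(ctx, now):
    """Expired when reference time + retention period lies before `now`."""
    period, ref = retention(ctx), reference_time(ctx)
    if period is None or ref is None:
        return False  # assumption: no end date / no purpose means never expired
    return ref + period < now


def build_site(now):
    """Constructed fixture mirroring the courses and users of the test plan.

    Simplification: C1..C4 hang directly from the site context.
    """
    last_year = now - YEAR
    site = Context("Site", "site", purpose="Pur1")
    cat = Context("new category", "category", site)
    c1 = Context("C1", "course", site, "Pur1", last_year)
    new_course = Context("new course", "course", cat)
    contexts = [
        site, cat, c1, new_course,
        Context("C1 activity", "module", c1, "Pur1"),
        Context("C2", "course", site, "Pur2", last_year),
        Context("C3", "course", site),  # no course end date
        Context("C4", "course", site, None, now + 30 * DAY),
        Context("new module", "module", new_course),
        # mdl_user.lastaccess was set to 111 (seconds since the epoch).
        Context("newuser", "user", site, None,
                datetime.fromtimestamp(111, tz=timezone.utc)),
    ]
    return {c.name: c for c in contexts}


def expired_names(contexts, level, now):
    """Names that the expired-contexts list would show under one filter."""
    return sorted(c.name for c in contexts.values()
                  if c.level == level and is_expired(c, now))


if __name__ == "__main__":
    now = datetime(2018, 5, 17, tzinfo=timezone.utc)  # constructed "today"
    contexts = build_site(now)
    for level in ("course", "module", "user"):
        print(level, expired_names(contexts, level, now))
```
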
      Delete expired contexts
      1. Go to "Site administration / Server / Scheduled tasks".
      2. Run the "Delete expired contexts" scheduled task.
      3. Also run the "Expired retention period" scheduled task.
      4. Go to "Site administration / Privacy and policies / Data deletion"
      5. Check that none of the previously deleted contexts are listed
      6. Try to log in as newuser; you SHOULD NOT be able to.
      7. Try to search for it in "Site admin > Users > Browse list of users"; newuser SHOULD NOT appear
      Plugin privacy registry
      1. Go to "Site administration / Privacy and policies / Plugin privacy registry"
      2. View the list. Clicking on the links should expand into more sections. Ultimately there should be a description about the user data stored for each plugin.
      3. Currently some sections are not covered; they should show a small red icon which says "Requires attention" when you hover over it.
      4. Verify that the information in the report is consistent with the information pulled from the metadata providers, e.g.:
        1. Activity modules > Choice: You should see info about choice_answers content
        2. Antivirus plugin > ClamAV: The ClamAV Antivirus plugin does not store any personal data.
    • Affected Branches:
      MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE
    • Pull Master Branch:
      MDL-61899-master

      Description

      This issue is about including https://github.com/moodlehq/moodle-tool_dataprivacy in core and it is closely related to privacy API and MDL-61306.

        Attachments

        1. contact dpo setting.png
          24 kB
          Helen Foster
        2. theme_boost_buttons.png
          26 kB
          David Monllaó
        3. theme_clean_buttons.png
          28 kB
          David Monllaó


                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  17/May/18