 GDPR compliance features in Moodle 3.5 Moodle 3.5 offers the standard essential features to help organisations be GDPR compliant. These features are also available as plugins for Moodle 3.3.6 and 3.4.3. A new site administration area in the Users tab, Privacy and Policies presents the administrator with a number of options. In Policy Settings, the administrator can specify how to handle user agreements to cite policies. If she selects the new Tool Policy, two new links are displayed, Manage Policies and User Agreements. Note that Site Policies is now renamed to Site Security Settings in the administration area. In Privacy Settings, the administrator can require an age check before a new user can access the site and can provide a link to contact the organisation's data protection officer. It's a good idea to create this new custom role and assign it to a member of your organisation. If no one has the role, the Site admin can manage data requests. Here we see a new user is below the age of consent for her country and must therefore wait for consent to be given. Data requests is where the admin or DPO will receive notification of any request for data to be deleted or exported. As a regular student, your profile gives you access to important features. You can message the data protection officer, you can view the policies you've agreed to and you can ask for your data to be deleted or request a copy of it as our student is about to do. The admin or as here, the DPO will receive notification of the request and can view it, deny it or approve it. The data registry allows the admin or DPO to define categories of types of data, purposes, that's why the data is needed, along with retention periods, how long it will be kept. And data deletion displays data which has gone past its allocated retention period and can be deleted. The plugin privacy registry shows how and where personal information is stored in installed plugins and whether the plugin is GDPR compliant. A red icon will show those which do not yet have the privacy API implemented. From Manage Polices, the admin or DPO can create, view or edit various policies and from user agreements, they can check who has agreed to the policies and give consent on behalf of minors. To summarise, Moodle 3.5 includes as standard important settings to help organisations meet GDPR requirements.