 Privacy officer, data protection in Moodle. The information in this video is for guidance only. Please consult your legal and IT teams before taking any official action. As a Moodle administrator, you can manage policies, data requests and other privacy related issues. However, if your organization is a large one, it's better to have a designated privacy officer. If you haven't already watched our video on how can I manage policies on my Moodle site, do that first and then come back here. Privacy officer's tasks include approving user data to be exported or accounts to be deleted. They can also agree to policies on behalf of users and if needed, create policies. What they can do depends on the capabilities you allow them. Let's create the role with some suggested capabilities. From site administration, users, permissions, define roles, we click add a new role. We leave the defaults and click continue. Give it a name such as privacy officer and in context types where this role may be assigned, check system. We set the following capabilities to allow depending on what you want the privacy officer to be able to do. View the site administration tree but not all pages in it. Then for data privacy, manage data registry, manage data requests and if your organization requires this, request data deletion on behalf of another user, request data deletion for miners and make data requests for miners. For policies, agree to the policies, view user agreement reports and again if your organization requires this, give consent for policies on someone else's behalf and if you want the privacy officer to actually create policies, manage policies. Additionally, you may want to allow view courses without participation, view hidden categories, view hidden courses, view hidden activities. Then we create the role and from site administration, users, permissions, assigned system roles, we assign our designated person to the role of privacy officer. Then from site administration, users, privacy and policies, privacy settings, we check the boxes contact the privacy officer and privacy officer role mapping. This will allow users on the site to send a message to the privacy officer regarding their data. The privacy officer will then be able to deal with their requests. Note that the setting privacy officer role mapping only displays once the privacy officer role is created. So now we've done that, let's explore the kind of tasks our privacy officer can undertake. When our privacy officer Dan logs in, they see a link to site administration with limited access. From the users tab they can view various data and policy links. We'll go there in a moment. As we see here with student Brian, from the privacy and policies section of their profiles users can contact the privacy officer to request information or request data export or account deletion. And the privacy officer is notified of these according to the notification preferences you set for them, for example email or as here on the web. Our privacy officer clicks the notifications icon to view the requests. This one general inquiry was sent from the contact the privacy officer link. He can't reply here but can see more details by clicking view request or go to data requests. This one is of the type message. If he needs to reply he can message student Barbara from her profile and once he's completed the task he can immediately mark it as complete. The second notification is about data export. On this side automatic data export and data deletion are not enabled via privacy settings so the privacy officer handles these manually. So again privacy officer Dan clicks view the request or data requests and from the actions menu can approve or deny it. He can also double check the request by viewing it and approving it from there. If he approves the request student Brian will see the approval status from the data requests link in his profile and when the data is ready for download Brian will be notified. He can download it direct from the notification or from actions on the data request page. A useful filter allows the privacy officer to easily locate requests for example here he filters by type export and status download ready and can see Brian's request. Let's now look at policy related tasks the privacy officer can help with. From site administration users manage policies he can view the list of policies. Now this particular privacy officer doesn't have the capability manage policies so Dan cannot edit the policies or create new ones but if your organization wants this allowing the capability will then display a new policy button and actions menu. Either way the privacy officer can see who has agreed to the policies by clicking the agreements percentage. This takes them to the user agreements page also accessible from users privacy and policies. This media consent policy is optional so it's possible to decline it and still access the site however users who decline a compulsory policy cannot access the site. Our privacy officer has a capability to give consent for policies on someone else's behalf and note this also means that they can decline consent if it's an optional policy and withdraw consent already given. Again a useful filter allows you to filter by policy and status so here for example privacy officer Dan can quickly see who has accepted the safe internet use policy. The privacy officer can help maintain the data registry setting categories purposes and the retention period that is how long data will be kept. As well as creating new categories and purposes they can edit them to for example override the data retention period for a particular role as here for this site specific naughty student role. Finally if you're unsure about whether a particular plugin is privacy compliant the privacy officer can check its details from the plugin privacy registry link. Here for example we can see that the tiny mce accessibility checker does not store any personal data but the tiny autosave does. To summarize the privacy officer can undertake various data protection related tasks in your Moodle site.