Did anyone think that General Data Protection Regulation (GDPR) compliance was about sending a few (albeit cute) emails and calling it a day? A last-minute flurry of emails from companies trying to retain customers ahead of the deadline for Europe’s new GDPR has prompted a slew of complaints – and memes – on social media.

For learning organizations with students or users who are European residents, the potential burden of the European Union GDPR, which became enforceable just last week, will not materialize right away. For this reason, it is important to be cautious, especially true for those organizations just big enough to be subject to the Regulation (above 250 employees), but still lacking the resources for wide-reaching programs and legal counsel, let alone a full-time Data Protection Officer (DPO).

This means that in some cases, I would bet most of them, employees must take matters into their own hands. Simple tools can help companies deal with the law, but above all, stay ahead of the game and save lots of headaches along the way.

People in charge of organizations who use Moodle as their sole or main repository can immediately take advantage of the new features Moodle is offering. They also will benefit from the user-first mentality through which Moodle HQ is leading development efforts this year.

Of course, an interface is only as the use it gets, here are some ways to kickstart your Moodle-based GDPR defense force:

  • Might Strike You as Obvious: Promote a culture of compliance, starting from the top. Yes, that means making a point to read your site policies and make them readable for users. The Moodle Policies plugin makes it easier to manage versions and ensure everyone who reads and agreed to them.
  • Treat Data as a Limited Resource: Use must be vetted and traced as best as possible. Moodle’s Data Privacy plugin can help visualize the life cycle of personal data on the site.
  • Doubts and Details GDPR is NOT Clear: There is a fair chance that the regulation will be amended over the years. Set up regular reviews, ideally with deadlines for personal data storage. The same Data Privacy plugin allows sites to add expiration dates to data to prevent loose ends.

As with many of the threats involving the protection of information in the digital world, the problem might look like ‘sand‘ constantly leaking through a sieve. But while technology will always be the subject of prey, investing in people-first compliance is always a good first line of defense.

Let us know what you think.