German data protection regulations require that any personal data may be stored electronically only as long as it is absolutely required. However, when staff or students leave the institution, Moodle does not ensure timely automated deletion of personal data, especially when linked to a separate (but in-house) identity provider service (IDP). To solve this issue, we are currently developing a plugin that compares Moodle's user lists to those of the IDP and provides means for (temporary) deactivation, (explicit) reactivation, and final deletion of all personal data related to user accounts whose owners are not affiliated with our institution anymore. We will describe our solution and would like to discuss which measures you have taken – or would like to take – to ensure compliance with GDPR (deutsch BDSG) or similar laws in other countries. |