The My Feedback report predominately displays information already in Moodle; however, it does store 2 pieces of data in its own database table. These are for the self-reflective notes and manually-entered Turnitin feedback.

The plugin needs to be updated so that if a user asks to be deleted and this request is accepted and actioned within Moodle, their My Feedback data is also removed.

The Privacy API can be used for this. Further details follow:

The My feedback plugin will need to implement one metadata provider and two request providers to be GDPR compliant:

Developer instructions are available here: 

https://docs.moodle.org/dev/Privacy_API

The main sections that are relevant are as follows:

“Describing data stored in database tables:”

As a plugin developer you will need to describe each database table, and each field which includes user data.

MyFeedback comes under “Standard plugins which store data”

A majority of Moodle plugins will fit into this category and will be required to implement the \core_privacy\local\request\plugin\provider interface. This interface requires that you define two functions:

• get_contexts_for_userid - to explain where data is held within Moodle for your plugin; and

• export_user_data - to export a user’s personal data from your plugin.

There is only 1 database table (table name: report_myfeedback) for My Feedback, which links userids to two types of textual data:

• self reflective notes (column name: notes)

• manually pasted Turnitin feedback (column name: feedback).