Prerequisites Outgoing email server. Alternatively, you can use Mailcatcher: Open your terminal Install Mailcatcher: gem install mailcatcher Run mailcatcher: mailcatcher Open your browser and go to http://localhost:1080 Edit your moodle instance's config.php and add the following line: $CFG->smtphosts = 'localhost:1025'; Update/Install Update your Moodle source code to the latest branch that contains this patch. Do an upgrade process. Confirm that the upgrade process completes successfully. Uninstall your Moodle instance and do a fresh install. Confirm that the install process completes successfully. Data Protection Officer (DPO) role creation Login as an admin Go to " Site administration / Users / Define roles " Create a Data Protection Officer role with the following settings: Short name dpo Custom full name Data Protection Officer Role archetype None Context types where this role may be assigned System Capability "moodle/site:configview" (Allow) Capability "tool/dataprivacy:managedatarequests" (Allow) Save changes. Confirm that the role is successfully created. Go to " Site administration / Users / Permissions / Assign system roles " Assign at least one user to the DPO role. Save the changes. System settings Go to " Site administration " Scroll down to the bottom of the " Site administration " tab Confirm that you see a "Data privacy" category Click "Data privacy settings" Confirm that the " Contact Data Protection Office " setting is ticked by default. Check the " Data Protection Officer role mapping " setting. Confirm that it only contains the Data Protection Officer role that you created earlier. Select the " Data Protection Officer " role for the " Data Protection Officer role mapping ". Save changes. Contacting a Data Protection Officer (DPO) Login as a user Go to your profile page. Confirm that there is a " Privacy " section on your profile page. Confirm that you see the following links: Contact Data Protection Officer Data requests Click on the " Contact Data Protection Officer " link. Confirm that a dialogue comes up that contains: The " Reply to " field containing your email address. A message text area where you can enter your message for the DPO. Without entering anything into the Message field, click " Send " Confirm that you get an error message indicating that the field is required. Enter some message and click " Send " Confirm that the dialogue is closed. Go to the Mailcatcher browser window. Confirm that you see an email to the DPO about the message that you sent. Login as the user that you assigned as the site DPO. Check your notification. Confirm that you get a "General inquiry" notification about the user's message through Moodle. Click on the notification. Confirm that you are redirected to the " Data requests " page. Check the contents of the " Data requests " page. Confirm that you see an entry referring to the message that the user sent you. Click on the " Actions " menu of the message. Click " View the request " Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself. Data request: Export Login as a user Go to your profile page. Click on " Data requests " Click on " New request " Confirm that you are redirected to the " Contact Data Protection Officer " form. Select " Export all of my personal data " for the Type field Enter a message (optional) Click " Save changes " Confirm that you are redirected back to the " Data requests " page. Confirm that you get a notification that your request has been submitted to the site's DPO. Confirm that you see your request on the data requests table and that it's status is currently " Pending " Click again on the " New request " button and try to create another data export request. Save the changes. Confirm that you get an error that you already have an ongoing request. Go back to the data requests page. Click on the " Actions " menu of your data export request. Click " Cancel request " Confirm that you see a confirmation dialogue about the cancellation of your request. Confirm the request cancellation. Confirm that your request's status is now shown as "Cancelled" Repeat the above steps to create another data export request but don't cancel it this time. Open a terminal. Go to the root directory of your moodle instance. Execute CRON php admin/cli/cron.php Confirm that the CRON script completes successfully and that you don't encounter any errors. Go to the Mailcatcher browser window. Confirm that you see two more emails to the DPO about the data requests that the user sent. Login as the DPO. Check your notifications. Confirm that you get two notifications about the user's export data requests. Click on one of the notifications. Confirm that you are redirected to the " Data requests " page.* Check the contents of the " Data requests " page. Confirm that you see two entries referring to the data export requests that the user sent you. Confirm that the cancelled request is shown with the status "Cancelled". Confirm that the other request is shown with the status "Awaiting approval". Click on the " Actions " menu of the cancelled request. Confirm that you only see " View the request " Click " View the request " Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself. Confirm that you only see the " Cancel " button that closes the dialogue when clicked. Click on the " Actions " menu of the request that is awaiting approval. Confirm that you see the options " View the request ", " Approve request ", and " Deny request ". Click " View the request " Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself. Confirm that you also see the " Review data ", " Approve " and " Deny " buttons in the dialogue. Click " Approve ". Confirm that you see a confirmation dialogue regarding the approval. Confirm the approval. Confirm that the request's status is now shown as " Approved " Back to your terminal, run CRON again. Confirm that the CRON runs successfully. Go to the Mailcatcher browser window. Confirm that you see an email to the requesting user that tells them that their data is now ready for download. Login as the user who made the data export request. Confirm that you get a notification that tells you that your data is now ready for download. Click on the notification to go to the data requests page. On the Data requests page, check your data request. Confirm that its status is now set to "Completed" Open the actions menu of the request. Confirm that you see a " Download " action link. ( Clicking on the link though will do nothing at this time ) Repeat the data export request creation. This time though, as DPO, deny the request. Confirm that the status of the request becomes " Rejected " Data request: Deletion Login as a user Go to your profile page. Click on " Data requests " Click on " New request " Confirm that you are redirected to the " Contact Data Protection Officer " form. Select " Delete all of my personal data " for the Type field Enter a message (optional) Click " Save changes " Confirm that you are redirected back to the " Data requests " page. Confirm that you get a notification that your request has been submitted to the site's DPO. Confirm that you see your request on the data requests table and that it's status is currently " Pending " Click again on the " New request " button and try to create another data deletion request. Save the changes. Confirm that you get an error that you already have an ongoing request. Open a terminal. Go to the root directory of your moodle instance. Execute CRON php admin/cli/cron.php Confirm that the CRON script completes successfully and that you don't encounter any errors. Go to the Mailcatcher browser window. Confirm that you an email to the DPO about the data deletion request that the user sent. Login as the DPO. Check your notifications. Confirm that you get a notification about the user's data deletion request. Click on one of the notifications. Confirm that you are redirected to the " Data requests " page.* Check the contents of the " Data requests " page. Confirm that you see the entry referring to the data deletion request that the user sent you. Confirm that the data deletion request is shown with the status "Awaiting approval". Click on the " Actions " menu of the request that is awaiting approval. Confirm that you see the options " View the request ", " Approve request ", and " Deny request ". Click " View the request " Confirm that you see a modal showing the user's name, email, the message date, the status and the message itself. Confirm that you also see the " Review data ", " Approve " and " Deny " buttons in the dialogue. Click " Approve ". Confirm that you see a confirmation dialogue regarding the approval. Confirm the approval. Confirm that the request's status is now shown as " Approved " Back to your terminal, run CRON again. Confirm that the CRON runs successfully. Go to the Mailcatcher browser window. Confirm that you see an email to the requesting user that tells them that their data has now been deleted and they would no longer be able to log into the site. ( At this point, the actual deletion functionality hasn't been implemented yet, so the user would still be able to log in. Don't mind this. ) Creating data requests for other users. As a DPO, confirm that when you click on " New request " you will be able to create data requests on behalf of other users. Login as an admin. Create a Parent role , but also give it the " tool/dataprivacy:makedatarequestsforchildren " capability. Assign a user p1 as a parent of a student s1. Login as p1 and go to the Data requests page. Click " New request " Confirm that you can create a data request for s1.