Forums | Mahara Community
Support
/
GDPR and groups
06 June 2018, 22:33
I'm really just catching up with 18.04 and the GDPR stuff, so sorry if this is a stupid question.
Clearly it is easy enough to dump a user's data as LEAP2A from their own portfolio. However, when it comes to data requests (or indeed requests for deletion) how are Groups handled? Users could easily have personal data in a group which would not form part of their own portfolio.
07 June 2018, 8:55
Hello Howard,
Groups are a bit tricky as they often contain shared data. We do not have a process in place at this stage to extract personal data from groups. That would need to be done manually as the group content would need to be considered.
If a group were set up between a mentor and mentee, it's easy: Delete the group. If a student writes a journal entry in a group where other students are involved, then the institution would need to check if that content should stay or should be deleted because it might be vital to the rest of the group.
When an account is deleted, the name, profile pic, and email address are removed and whenever there is a forum post etc., it just says "Deleted user" not identifying the student anymore. However, if they revealed some personal information and posted their name in a forum post, that would not be affected and would stay as it is data that is not identifiable by an automated process.
Cheers
Kristina