User data management
  • 21 Jun 2022
  • 7 minutes to read

User data management


Article Summary

It is important that your organisation and the software you are using comply with local data protection regulations. In May 2018, GDPR (General Data Protection Regulation) was introduced to EU law, and a similar law (UK GDPR) exists in the UK following Brexit. You can read more about GDPR and Totara in our policy documents. Whether or not your business is operating out of Europe, Totara allows you to implement and operate robust data policies within your organisation. 

To help users to access and remove data, Totara has two configurable features: export types and purge types. Export types allow you to configure which data should be exported, whereas purge types allow you to configure which data will be removed. Purging is different from the standard deletion process (e.g. clicking Delete user on a user's profile), as it allows greater control over which data is removed. You can find out more about both purge types and export types below, as well as in the developer documentation.

Quick-access menu

By default, User data management will not appear in the quick-access menu. This can make it slightly trickier to get to, as you either have to go via the Related pages block on the User page (Quick-access > Users > Related pages > User data management) or you will need to search for it in the quick-access menu. If you want to access user data management features and settings frequently then you may want to add it to the quick-access menu

Export types

You can create and manage different export types, which contain a customisable list of data items that will be included when an export task is run to produce a file. 

It is useful to create an export type if:

  • Your organisation needs to restrict users from exporting data you consider to be sensitive
  • Due to impacts on site performance, you want to provide the option of a reduced export type (if that satisfies a specific need), and a more comprehensive type (to meet GDPR requirements)

Users will only be able to export their own data and not that of others. When creating an export type, User exporting own data must be selected to make the type available for use. Additionally, in the user data management settings, the option for allowing user exports has to be selected to make the export function available to users.

Choosing to include files in an export will impact both the size of the export file and the time it takes to be generated, which may impact site performance. You have the option of creating export types that don’t include files, although the exported data would still indicate that the files exist (e.g. as attachments to posts).

Managing export types

By going to Quick-access menu > User data management > Export types you can duplicate (), edit (), or delete () any of the existing export types using the icons in the Action column. 

Purge types

A purge type contains a list of data items that will be purged (deleted, or anonymised if deleting is not possible due to system constraints) when a purge task is run. A purge type can only be applied to a single user status type (e.g. Active, Suspended, Deleted). This is because the user status dictates which items are available for purging (e.g. some data, such as email addresses, are only safe to delete when a user is in the Deleted state). Scheduling a purge is connected to a user being assigned the Suspended or Deleted status, as this status is the marker that indicates the user's data should be purged in the next scheduled run of that purge type. User statuses are a way for the system to track the state of a user. A user can be suspended or deleted from their profile via their account or via a bulk action.

Examples of when you may want to purge a user's data include:

  • Where the requirement is to remove all user data, a 'Deleted user' purge type that includes all data items could be created, to ensure that any data not deleted during the standard deletion process is removed. 
  • If your organisation has to balance GDPR compliance (remove data) with other regulations (for example, keeping certification/training data on file), a purge type that deletes everything that is not needed could be created. Importantly, these users should not be Deleted, but merely Suspended, and a suspended purge type applied.

Purge tasks can be scheduled (automatic) or executed on an ad hoc basis when required (manual). If neither automatic nor manual application has been selected, the purge type will not be available for future purges until one of these options are selected. Only manual purges can be done on Active users. It is important to note that running a data purge on Active users can be risky, because they may be interacting with the system while their data is being deleted, which may have unexpected consequences.

When creating a purge type, you will select individual data items, to indicate that those items are to be deleted during a purge. It is important to remember that leaving an item unselected doesn’t guarantee that a user will have this data after the purge has run. For example, if they are separately deleted (outside of a purge, simply by deleting their user account) then a significant amount of these data items should already have been deleted).

When using Totara Learn, deleting gradebook data but not grades from individual activities will result in the gradebook being recalculated (and therefore repopulated) after the purge has run. To ensure that all grades are fully purged from the system, the following activities will also need to be purged: quiz, assignment, lesson, and workshop assessments.

Forum posts cannot be removed entirely without breaking the experience of forums for other users – in this case, the post content (and even author data) might be removed, but the rest of the thread from other users would remain intact.  

If you purge the audience membership for someone who is part of a dynamic audience, that membership may be restored on a following cron run (however the user's other data will not be). When users are purged from an audience they are not automatically notified.

Managing purge types

By going to Quick-access menu > User data management > Purge types you can duplicate (), edit (), or delete () any of the existing purge types using the icons in the Action column.

Purging legacy deleted users

If a user was deleted before the purge system was available then they will not be automatically removed when the purge is run. Instead they will need to be deleted manually, or have their purge type manually updated. 

This is the same for users who have been deleted prior to a default being set, however, the difference is that legacy deleted users show a delete icon next to their name in the deleted users list. 

Exporting data

In order to comply with both Article 15 and Article 20 of EU GDPR, Totara allows user data to be exportable that is both about the user ('concerning them') and is of a personal nature (defined as information that is 'relating to an identified or identifiable natural person').

Reports

You can see a list of pending or complete exports or purges by going to either:

  • Export: Quick-access menu > User data management > Exports
  • Purges: Quick-access menu > User data management > Purges

A separate page contains a report listing deleted users (they are not included in the Browse list of users report). Depending on how much data has been purged from the account, there may be very limited user information on their record. You can see this report by going to Quick-access menu > User data management > Deleted user accounts.

From Quick-access menu > Users you can click the stack icon () alongside a user to view a summary report on all of their data within the system. There is also a button to Audit user data, which provides a fuller list of details held about the user on the system. You can also run a manual purge or update the automatic purge types for a user.

In addition to the content on this page you will find additional information about related user data management features in the following places:

  • User profile: On the User profile help page you can find information about site policy consents and user data settings under the Administration section
  • Site policies: You can set up multiple site policies, which can be a useful way of informing users about how their data will be managed on your site

Next steps

© Copyright 2024 Totara Learning Solutions. All rights reserved.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.