MoodleCloud has successfully completed a data protection audit by the UK Information Commissioner’s Office (ICO), the independent regulator responsible for enforcing privacy laws like the UK GDPR.
This was a voluntary audit, part of a broader ICO review of education technology providers. It focused on how children’s personal data is managed in online learning platforms. Moodle chose to participate to show our commitment to high privacy standards and to make sure we are doing everything we can to protect our users’ data.
What the ICO audit involved
The audit examined MoodleCloud’s data handling practices, especially in the context of schools and young learners. It assessed our policies, internal governance, security infrastructure, and how we approach data protection in product design.
While the audit specifically looked at MoodleCloud, it is important to know that MoodleCloud is built on Moodle LMS. This means the privacy and security principles the ICO reviewed are part of the core Moodle architecture. MoodleCloud adds managed hosting, automated updates, and extra layers of support, but its foundations come directly from Moodle LMS.
Where we performed well
Privacy built into product decisions
The ICO recognised Moodle’s strong culture of privacy awareness. At Moodle, privacy is not something we add later. It is a standard part of how we design features and review systems. Our teams use data protection checklists, conduct Data Protection Impact Assessments (DPIAs), and apply clear privacy controls when developing new tools. For example, when introducing an analytics feature, we review what data is truly necessary and provide clear options for users to manage how their data is collected or viewed.
Security practices that protect users every day
The audit also highlighted MoodleCloud’s strong security setup. This includes role-based access control, which limits data visibility based on user roles such as teacher, student, or admin. It also includes real-time security monitoring and regular patching. We host MoodleCloud on managed infrastructure and use threat detection tools like AWS GuardDuty to identify and respond to risks quickly.
Benefits that extend from LMS to MoodleCloud
Because MoodleCloud is built on Moodle LMS, it inherits the same privacy principles that have shaped Moodle’s open-source platform for over two decades. Choosing MoodleCloud means getting the best of both worlds. You get the flexibility and transparency of Moodle LMS along with the added security and support of a fully hosted solution.
What we’re improving next
The audit provided a few constructive suggestions. We are already working on those, with a focus on clearer documentation, internal training, and more accessible guidance for users. These improvements will continue to strengthen MoodleCloud and support our commitment to responsible data stewardship.
What this means for the education community
For schools, educators, and learners, this recognition from the ICO is a signal that MoodleCloud is a trusted space. The data you share with us is managed with care, supported by clear policies and strong infrastructure. Our team understands the responsibility that comes with handling personal information, especially when working with young people.
A shared achievement
This success reflects the work of many people. We want to thank:
- Andrew Lyons, Principal Architect
- Mathieu Petit-Clair, Technical Architect
- Brett Dalton, Product Director, Industry Solutions
Their deep knowledge and attention to detail were key in preparing for the audit and ensuring Moodle’s values came through.
Trust is something we build everyday
This milestone reinforces what we believe in. Privacy and security are not optional. They are essential to building trust in education. Whether you use MoodleCloud or Moodle LMS, you can rely on a platform shaped by transparency, user control, and a deep respect for data protection.
