Breadcrumbs

Guide to GDPR Rules in the Compliance Center

This table defines the GDPR rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.

Rule (click to see text)

Description

Steps for complying

Validation

Art 5

Principles for processing personal data.

To set up data protection, customize Terms of Service:

  1. Go to Customization > TOS

  2. Set up a TOS that is suitable for your organization. 

If the default TOS is not modified then status is Issues.

Art. 6 & 7

Lawfulness of processing

To confirm lawfulness of processing and conditions for consent:

  1. For each policy:

    1. Go to Settings > Policies.

    2. Open the policy for editing.

    3. In the General tab, set Enable Privacy Settings to YES, and save.

  2. After you have completed this configuration for each policy:

    1. Go to Settings > Misc > Privacy.

    2. Set Force users to accept TOS when changed to enabled.

    3. Enable Show TOS for every login.

If the settings are set as specified, status is OK; if not, status is Issues.

Art. 12

Rights of data subject - transparent information

To maintain transparent information and communication:

  • Go to Settings > Misc > General, and if Disable Action Panel is enabled, disable it. 

If Disable Action Panel is disabled, status is OK; if not, status is Issues.

Art. 13

Rights of data subject - information about collecting of personal data

To confirm that Terms of Service indicate where personal data are collected about the data subject, enable this rule. 

None

Art. 17

Rights of data subject - right to be forgotten

To set up the right to be forgotten:

  1. Go to Settings > Misc > Privacy.

  2. In Anonymous User Consent Message for Accessing Shared Files enter text that explains data subject's right to erasure. 

  3. If a user requests to be forgotten, anonymize the data. 

Also see Anonymizing User Data.

If the settings are configured as specified, status is OK; if not, status is Issues.

Art. 20

Rights of data subject - right to data portability

To confirm the right to data portability, ensure the following options work in the Admin portal, and then enable this rule.

  • Exporting a user's file.

    1. In the navigation pane, click Users.

    2. Edit a user.

    3. In the User Details dialog box, click Manage Files. and then click My Files.

    4. Click Download as Zip for a file, and confirm that the zip download works.

  • Exporting audit log records.


    1. In the navigation pane, click Audit.

    2. In the upper-right corner of the screen, click Manage.

    3. In the Manage Audit Logs dialog box, enter a Start Date and an End Date.

    4. Click Export, and confirm that the file is exported correctly.

None.

Art. 21

Rights of data subject - right to object

To confirm users have right to object:

  • For each policy:


    1. Go to Settings > Policies.

    2. Open the policy for editing.

    3. In the General tab, set Enable Privacy Settings to Yes.

After you have completed this configuration for each policy:

  1. Go to Settings > Misc.

  2. Click the Privacy tab. 

  3. Check Show TOS for every login.
    This option forces users to accept the TOS for every login; if users do not want to accept the condition, they can close the TOS, but they
    will not be able to log in to the user portal.

If the specified settings are set, status is OK; if not, status is Issues.

Art. 30

Controller and processor - Records of processing activities

To maintain records of processing activities:

  1. Go to Settings > Admin.

  2. Set Audit Log Level to Request or Full.

If Audit Log Level is set to Request or Full, status is OK; if Audit Log Level is set to Off, status is Issues.

Art. 32

Controller and processor - Security of processing

Configure storage encryption.

  1. See Setting Up Managed Storage Encryption in the support document.   

    1. Go to Settings > Storage > Managed storage and enable encryption.

    2. Encrypt all existing files.

If storage is not fully encrypted or any existing files are not fully encrypted, status is Issues.

Art. 33

Controller and processor - 

Notification of a personal data breach to the supervisory authority

To confirm that admins can use audit logs, alerts, and violation reports to generate breach notification, enable this rule.

None

Art. 35

Controller and processor - 

Data protection impact assessment

Enable all GDPR compliance rules, and ensure that they pass.

If all GDPR compliance rules are enabled and pass, Status is OK. If any rules are not enabled or do not pass, Status is Issues.

Art. 37

Controller and processor - 

Designation of the data protection officer

To enable at least one user to manage the Compliance Center:

  1. Go to Admins and create a role with Compliance access to the Compliance Center.

  2. In Admins, add at least one user to the role with access to the Compliance Center.

If one or more users have access to the Compliance Center, status is OK; if not, status is Issues.

Art. 45

Transfers of personal data to third countries or international organisations - Transfers on the basis of an adequacy decision

To allow users to log in to access FileCloud content based on location or IP address, click the Edit button and select a DLP rule that blocks users from logging in from outside locations.

If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow login from outside locations, status is Issues.