Guide to PDPL Rules in the Compliance Center

This table defines the PDPL rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.

Rule | Description | Steps for complying | Validation

Ch. 1 Section 4 Lawful Processing

Confirm that admins understand how personal data is processed.

Enable this rule to confirm that admins understand how personal data is processed to create or perform the following:


    • Audit records

    • Alerts

    • Reports

    • Activity and share activity in user portal

    • Notifications

None

Ch. 1 Section 5 Sensitive Personal Data

Choose a metadata set to classify sensitive personal data, and apply the metadata to files with a smart classification rule.

To indicate which files include sensitive personal data, click the edit button and select a metadata set with a tag for identifying them. Then confirm that a smart classification rule that applies the metadata is enabled.

If the metadata set and the classification rule both exist and are enabled, status is OK; if any part of the condition isn't met, status is Issues.

Ch. 2 Section 2 Withdrawal of Consent

Confirm admins and users understand the process for resetting consent information.

Enable this rule to confirm that admins understand the procedures for withdrawing user consent information.

None

Ch. 2 Section 8 Lawfulness, Fairness, and Transparency

Set up privacy regulations.

To obtain explicit and informed consent from users before processing their data:
For each policy:

  1. Go to Settings > Policies.

  2. Open the policy for editing.

  3. In the General tab, set Enable Privacy Settings to YES, and save.


After you have completed this configuration for each policy:

  1. Go to Settings > Misc > Privacy.

  2. Enable Force users to accept TOS when changed.

  3. Enable Show TOS for every login.

If the specified settings are set, status is OK; if not, status is Issues.

Ch. 2 Section 9 Purpose Limitation

Set up terms of service.

To set up data protection principles:

  1. Go to Customization > TOS.

  2. Set up a TOS that is suitable for your organization.

If the default TOS is not modified, status is Issues.

Ch. 2 Section 10 Data Minimization

Confirm admins know how to use audit reports.

Enable this rule to confirm admins have a process to regularly review audit records and remove unwanted records.

None

Ch. 2 Section 11 Accuracy

Ensure that system date and time are updated to the user's regional time zone.

Enable this rule to confirm that admins and users understand how to check that records like audit, share activity, and global activity show the system date and time in the correct regional time zone.

None

Ch. 2 Section 12 Storage Limitation

Set up a retention policy to protect files and folders from deletion.

To protect personal data files and folders from deletion:

  • Click the edit button, and select a retention policy to protect personal data files and folders from deletion based on metadata.

  • Confirm admins understand that after the retention period, files will be completely deleted from the recycle bin.

If the retention policy exists and is enabled, status is OK; if not, or if modifications to the retention policy allow file or folder deletion, status is Issues.

Ch. 2 Section 13 Integrity and Confidentiality

Configure and enable encryption.

To maintain security:

  1. Configure storage encryption. See Setting Up Managed Disk Storage Encryption in the support document.

  2. Go to Settings > Storage > Managed Storage and enable encryption.

  3. Encrypt all existing files.

If storage is not fully encrypted, or any existing files are not fully encrypted, status is Issues.

Ch. 3 Section 15 Right of Access

Confirm that the terms of service indicate where personal data are collected.

To confirm that the terms of service indicate where personal data are collected from the data subject, enable this rule.

There are no system checks to verify this; your confirmation is the only verification.

Ch. 3 Section 16 Right of Correction

Confirm admins understand how to edit user accounts, and users are aware of the rectification request process.

Enable this rule to confirm that admins and users understand the process of amending personal data.

There are no system checks to verify this; your confirmation is the only verification.

Ch. 3 Section 17 Right to Erasure

Use Anonymize Data.

To confirm the right to be forgotten:

  1. Go to Settings > Misc > Privacy.

  2. In Anonymous User Consent Message for Accessing Shared Files, enter text that explains the data subject's right to erasure.

  3. If a user requests to be forgotten, anonymize the data.

    Also see Anonymizing User Data.

If the specified settings are set, status is OK; if not, status is Issues.

Ch. 3 Section 19 Right to Object to Processing

Confirm that admins and users know privacy TOS behavior.

To configure users' right to object:

For each policy:

  1. Go to Settings > Policies.

  2. Open the policy for editing.

  3. In the General tab, set Enable Privacy Settings to Yes.


After you have completed this configuration for each policy:

  1. Go to Settings > Misc.

  2. Click the Privacy tab.

  3. Enable Show TOS for every login.
    This option forces users to accept the TOS for every login; users who do not want to accept it can close the TOS. Note that a user who does not accept the TOS cannot log in to the user portal.

If the specified settings are set, status is OK; if not, status is Issues.

Ch. 3 Section 20 Right to Data Portability

Confirm admins understand the options to Export User Files and User activity.

To configure the right to data portability, ensure the following options work in the admin portal, and then enable this rule.

Exporting a user's file.

  1. In the navigation pane, click Users.

  2. Edit a user.

  3. In the User Details dialog box, click Manage Files, and then click My Files.

  4. Click Download as Zip for a file, and confirm that the zip download works.


Exporting audit log records.

  1. In the navigation pane, click Audit.

  2. In the upper-right corner of the screen, click Manage.

  3. In the Manage Audit Logs dialog box, enter a Start Date and an End Date.

  4. Click Export, and confirm that the file is exported correctly.

None

Ch. 3 Section 23 Right to be Informed of Data Breaches

Confirm admins know how to use audit, alerts, violation, and event reports to create notification reports.

To confirm that admins can use audit logs, alerts, and violation reports to generate breach notifications, enable this rule.

None

Ch. 4 Section 29 Data Protection Officer

Give at least one admin access to the Compliance Center.

To enable at least one user to manage the Compliance Center:

  1. Go to Admins and create a role with Compliance access to the Compliance Center.

  2. In Admins, add at least one user to the role with access to the Compliance Center.

If one or more users have access to the Compliance Center, status is OK; if not, status is Issues.

Ch. 6 Section 33 Transfers to Third Countries

Confirm that users and admins understand how to use and manage sharing and folder permissions.

Enable this rule to confirm that users and admins are educated about sharing and folder-level permissions.

None

Ch. 6 Section 34 Transfers to International Organizations

Confirm admins understand how to set up encryption and anonymization of data.

To confirm that admins understand how to use anonymization and encryption, enable this rule.

None