Guide to GDPR Rules in the Compliance Center
This table defines the GDPR rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.
Rule | Description | Steps for complying | Validation |
---|---|---|---|
Art. 5 | Principles for processing personal data. | To set up data protection, customize Terms of Service: | If the default TOS is not modified, status is Issues. |
Art. 6 & 7 | Lawfulness of processing | To confirm lawfulness of processing and conditions for consent: | If the settings are set as specified, status is OK; if not, status is Issues. |
Art. 12 | Rights of data subject - transparent information | To maintain transparent information and communication: | If Disable Action Panel is unchecked, status is OK; if not, status is Issues. |
Art. 13 | Rights of data subject - information about collecting of personal data | To confirm that Terms of Service indicate where personal data are collected about the data subject, enable this rule. | None |
Art. 17 | Rights of data subject - right to be forgotten | To set up the right to be forgotten: Also see Anonymizing User Data. | If the settings are configured as specified, status is OK; if not, status is Issues. |
Art. 20 | Rights of data subject - right to data portability | To confirm the right to data portability, ensure the following options work in the Admin portal, and then enable this rule. | None. |
Art. 21 | Rights of data subject - right to object | To confirm users have the right to object: After you have completed this configuration for each policy: | If the specified settings are set, status is OK; if not, status is Issues. |
Art. 30 | Controller and processor - Records of processing activities | To maintain records of processing activities: | If Audit Logging Level is set to Request or Full, status is OK; if Audit Logging Level is set to Off, status is Issues. |
Art. 32 | Controller and processor - Security of processing | Configure storage encryption. | If storage is not fully encrypted or any existing files are not fully encrypted, status is Issues. |
Art. 33 | Controller and processor - Notification of a personal data breach to the supervisory authority | To confirm that admins can use audit logs, alerts, and violation reports to generate breach notification, enable this rule. | None |
Art. 35 | Controller and processor - Data protection impact assessment | Enable all GDPR compliance rules, and ensure that they pass. | If all GDPR compliance rules are enabled and pass, Status is OK. If any rules are not enabled or do not pass, Status is Issues. |
Art. 37 | Controller and processor - Designation of the data protection officer | To enable at least one user to manage the Compliance Center: | If one or more users have access to the Compliance Center, status is OK; if not, status is Issues. |
Art. 45 | Transfers of personal data to third countries or international organisations - Transfers on the basis of an adequacy decision | To allow users to log in to access FileCloud content based on location or IP address, click the Edit button and select a DLP rule that blocks users from logging in from outside locations. | If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow login from outside locations, status is Issues. |