Guide to GDPR Rules in the Compliance Center

This table defines the GDPR rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.

Rule | Description | Steps for complying | Validation

Art. 5: Principles for processing personal data.

To set up data protection, customize Terms of Service:

  1. Go to Customization > TOS
  2. Set up a TOS that is suitable for your organization. 
Validation: If the default TOS is not modified then status is Issues.

Art. 6 & 7: Lawfulness of processing

To confirm lawfulness of processing and conditions for consent:

  1. For each policy:
    1. Go to Settings > Policies.
    2. Open the policy for editing.
    3. In the General tab, set Enable Privacy Settings to YES, and save.
  2. After you have completed this configuration for each policy:
    1. Go to Settings > Misc > Privacy.
    2. Set Force users to accept TOS when changed to YES.
    3. Check Show TOS for every login.
Validation: If the settings are set as specified, status is OK; if not, status is Issues.

Art. 12: Rights of data subject - transparent information

To maintain transparent information and communication:

  • Go to Settings > Misc > General, and uncheck Disable Action Panel if it is checked. 
Validation: If Disable Action Panel is unchecked, status is OK; if not, status is Issues.

Art. 13: Rights of data subject - information about collecting of personal data

To confirm that Terms of Service indicate where personal data are collected about the data subject, enable this rule.
Validation: None

Art. 17: Rights of data subject - right to be forgotten

To set up the right to be forgotten:

  1. Go to Settings > Misc > Privacy.
  2. Set up Anonymous User Consent Dialog Text with information that provides rights of the data subject.
  3. If a user requests to be forgotten, anonymize the data. 

Also see Anonymizing User Data.

Validation: If the settings are configured as specified, status is OK; if not, status is Issues.

Art. 20: Rights of data subject - right to data portability

To confirm the right to data portability, ensure the following options work in the Admin portal, and then enable this rule.

  • Exporting a user's file.
    1. In the navigation pane, click Users.
    2. Edit a user.
    3. In the User Details dialog box, click Manage Files, and then click My Files.
    4. Click Download as Zip for a file, and confirm that the zip download works.
  • Exporting audit log records.
    1. In the navigation pane, click Audit.
    2. In the upper-right corner of the screen, click Manage.
    3. In the Manage Audit Logs dialog box, enter a Start Date and an End Date.
    4. Click Export, and confirm that the file is exported correctly.
Validation: None.

Art. 21: Rights of data subject - right to object

To confirm users have the right to object:

  • For each policy:
    1. Go to Settings > Policies.
    2. Open the policy for editing.
    3. In the General tab, set Enable Privacy Settings to Yes.

After you have completed this configuration for each policy:

  1. Go to Settings > Misc.
  2. Click the Privacy tab. 
  3. Check Show TOS for every login.
    This option forces users to accept the TOS for every login; if users do not want to accept the condition, they can close the TOS, but they will not be able to log in to the user portal.
Validation: If the specified settings are set, status is OK; if not, status is Issues.

Art. 30: Controller and processor - Records of processing activities

To maintain records of processing activities:
  1. Go to Settings > Admin.
  2. Set Audit Logging Level to Request or Full.
Validation: If Audit Logging Level is set to Request or Full, status is OK; if Audit Logging Level is set to Off, status is Issues.

Art. 32: Controller and processor - Security of processing

Configure storage encryption.

  1. See Setting Up Managed Storage Encryption in the support document.   
    1. Go to Settings > Storage > MyFiles and enable encryption.
    2. Encrypt all existing files.
Validation: If storage is not fully encrypted or any existing files are not fully encrypted, status is Issues.

Art. 33: Controller and processor - Notification of a personal data breach to the supervisory authority

To confirm that admins can use audit logs, alerts, and violation reports to generate breach notification, enable this rule.
Validation: None

Art. 35: Controller and processor - Data protection impact assessment

Enable all GDPR compliance rules, and ensure that they pass.
Validation: If all GDPR compliance rules are enabled and pass, status is OK. If any rules are not enabled or do not pass, status is Issues.

Art. 37: Controller and processor - Designation of the data protection officer

To enable at least one user to manage the Compliance Center:

  1. Go to Admins and create a role with Compliance access to the Compliance Center.
  2. In Admins, add at least one user to the role with access to the Compliance Center.
Validation: If one or more users have access to the Compliance Center, status is OK; if not, status is Issues.

Art. 45: Transfers of personal data to third countries or international organisations - Transfers on the basis of an adequacy decision

To allow users to log in to access FileCloud content based on location or IP address, click the Edit button and select a DLP rule that blocks users from logging in from outside locations.
Validation: If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow login from outside locations, status is Issues.