Guide to PDPL Rules in the Compliance Center
This table defines the PDPL rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.
Rule | Description | Steps for complying | Validation |
---|---|---|---|
Ch. 1 Section 4 Lawful Processing | Confirm that admins understand how personal data is processed. | Enable this rule to confirm that admins understand how personal data is processed to create or perform the following: | None |
Ch. 1 Section 5 Sensitive Personal Data | Choose a metadata set to classify sensitive personal data, and apply the metadata to files with a smart classification rule. | To indicate which files include sensitive personal data, click the edit button and select a metadata set with a tag for identifying them. Then confirm that a smart classification rule that applies the metadata is enabled. | If the metadata set and the classification rule both exist and are enabled, status is OK; if any part of the condition isn't met, status is Issues. |
Ch. 2 Section 2 Withdrawal of Consent | Confirm admins and users understand the process for resetting consent information. | Enable this rule to confirm that admins understand the procedures for withdrawing user consent information. | None |
Ch. 2 Section 8 Lawfulness, Fairness, and Transparency | Set up privacy regulations. | To obtain explicit and informed consent from users before processing their data: For each policy: After you have completed this configuration for each policy: | If the specified settings are set, status is OK; if not, status is Issues. |
Ch. 2 Section 9 Purpose Limitation | Set up terms of service. | To set up data protection principles: | If the default TOS is not modified then status is Issues. |
Ch. 2 Section 10 Data Minimization | Confirm admins know how to use audit reports. | Enable this rule to confirm admins have a process to regularly review audit records and remove unwanted records. | None |
Ch. 2 Section 11 Accuracy | Ensure that system date and time are updated to the user's regional time zone. | Enable this rule to confirm that admins and users understand how to check that records like audit, share activity, and global activity show the system date and time in the correct regional time zone. | None |
Ch. 2 Section 12 Storage Limitation | Set up a retention policy to protect files and folders from deletion. | To protect personal data files and folders from deletion: | If the retention policy exists and is enabled, status is OK; if not, or if modifications to the retention policy allow file or folder deletion, status is Issues. |
Ch. 2 Section 13 Integrity and Confidentiality | Configure and enable encryption. | To maintain security: | If storage is not fully encrypted, or any existing files are not fully encrypted, status is Issues. |
Ch. 3 Section 15 Right of Access | Confirm terms of service indicate where personal data are collected. | To confirm that terms of service indicate where personal data are collected from the data subject, enable this rule. | There are no system checks to verify this; your confirmation is the only verification. |
Ch. 3 Section 16 Right of Correction | Confirm admins understand how to edit user accounts, and users are aware of the rectification request process. | Enable this rule to confirm that admins and users understand the process of amending personal data. | There are no system checks to verify this; your confirmation is the only verification. |
Ch. 3 Section 17 Right to Erasure | Use Anonymize Data. | To confirm the right to be forgotten: | If the specified settings are set, status is OK; if not, status is Issues. |
Ch. 3 Section 19 Right to Object to Processing | Confirm that admins and users know privacy TOS behavior. | To configure users' right to object: For each policy: | If the specified settings are set, status is OK; if not, status is Issues. |
Ch. 3 Section 20 Right to Data Portability | Confirm admins understand the option to Export User Files and User activity. | To configure the right to data portability, ensure the following options work in the admin portal, and then enable this rule: exporting a user's file; exporting audit log records. | None |
Ch. 3 Section 23 Right to be Informed of Data Breaches | Confirm admins know how to use audit, alert, violation, and event reports to create notification reports. | To confirm that admins can use audit logs, alerts, and violation reports to generate breach notifications, enable this rule. | None |
Ch. 4 Section 29 Data Protection Officer | Give at least one admin access to the Compliance Center. | To enable at least one user to manage the Compliance Center: | If one or more users have access to the Compliance Center, status is OK; if not, status is Issues. |
Ch. 6 Section 33 Transfers to Third Countries | Confirm that users and admins understand how to use and manage sharing and folder permissions. | Enable this rule to confirm that users and admins are educated about sharing and folder-level permissions. | None |
Ch. 6 Section 34 Transfers to International Organizations | Confirm admins understand how to set up encryption and anonymization of data. | To confirm that admins understand how to use anonymization and encryption, enable this rule. | None |