Guide to PDPL Rules in the Compliance Center

This table defines the PDPL rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.

Rule | Description | Steps for complying | Validation
Rule: Ch. 1, Section 4 Lawful Processing
Description: Confirm that admins understand how personal data is processed.
Steps for complying: Enable this rule to confirm that admins understand how personal data is processed to create or perform the following:
    • Audit records
    • Alerts
    • Reports
    • Activity and share activity in user portal
    • Notifications
Validation: None

Rule: Ch. 1 Section 5 Sensitive Personal Data
Description: Choose a metadata set to classify sensitive personal data, and apply the metadata to files with a smart classification rule.
Steps for complying: To indicate which files include sensitive personal data, click the edit button and select a metadata set with a tag for identifying them. Then confirm that a smart classification rule that applies the metadata is enabled.
Validation: If the metadata set and the classification rule both exist and are enabled, status is OK; if any part of the condition isn't met, status is Issues.

Rule: Ch. 2 Section 2 Withdrawal of Consent
Description: Confirm admins and users understand the process for resetting consent information.
Steps for complying: Enable this rule to confirm that admins understand the procedures for withdrawing user consent information.
Validation: None

Rule: Ch. 2 Section 8 Lawfulness, Fairness, and Transparency
Description: Set up privacy regulations.
Steps for complying: To obtain explicit and informed consent from users before processing their data:
For each policy:
  1. Go to Settings > Policies.
  2. Open the policy for editing.
  3. In the General tab, set Enable Privacy Settings to YES, and save.
After you have completed this configuration for each policy:
  1. Go to Settings > Misc > Privacy.
  2. Set Force users to accept TOS when changed to YES.
  3. Check Show TOS for every login.
Validation: If the specified settings are set, status is OK; if not, status is Issues.

Rule: Ch. 2 Section 9 Purpose Limitation
Description: Set up terms of service.
Steps for complying: To set up data protection principles:
  1. Go to Customization > TOS.
  2. Set up a TOS that is suitable for your organization.
Validation: If the default TOS is not modified, status is Issues.

Rule: Ch. 2 Section 10 Data Minimization
Description: Confirm admins know how to use audit reports.
Steps for complying: Enable this rule to confirm admins have a process to regularly review audit records and remove unwanted records.
Validation: None

Rule: Ch. 2 Section 11 Accuracy
Description: Ensure that system date and time are updated to the user's regional time zone.
Steps for complying: Enable this rule to confirm that admins and users understand how to check that records like audit, share activity, and global activity show the system date and time in the correct regional time zone.
Validation: None

Rule: Ch. 2 Section 12 Storage Limitation
Description: Set up a retention policy to protect files and folders from deletion.
Steps for complying: To protect personal data files and folders from deletion:
  • Click the edit button, and select a retention policy to protect personal data files and folders from deletion based on metadata.
  • Confirm admins understand that after the retention period, files will be completely deleted from the recycle bin.
Validation: If the retention policy exists and is enabled, status is OK; if not, or if modifications to the retention policy allow file or folder deletion, status is Issues.

Rule: Ch. 2 Section 13 Integrity and Confidentiality
Description: Configure and enable encryption.
Steps for complying: To maintain security:
  1. Configure storage encryption. See Setting Up Managed Disk Storage Encryption in the support document.
  2. Go to Settings > Storage > Encryption and enable encryption.
  3. Encrypt all existing files.
Validation: If storage is not fully encrypted, or any existing files are not fully encrypted, status is Issues.

Rule: Ch. 3 Section 15 Right of Access
Description: Confirm that the terms of service indicate where personal data are collected.
Steps for complying: To confirm that the terms of service indicate where personal data are collected from the data subject, enable this rule.
Validation: There are no system checks to verify this; your confirmation is the only verification.

Rule: Ch. 3 Section 16 Right of Correction
Description: Confirm admins understand how to edit user accounts, and users are aware of the rectification request process.
Steps for complying: Enable this rule to confirm that admins and users understand the process of amending personal data.
Validation: There are no system checks to verify this; your confirmation is the only verification.

Rule: Ch. 3 Section 17 Right to Erasure
Description: Use Anonymize Data.
Steps for complying: To confirm the right to be forgotten:
  1. Go to Settings > Misc > Privacy.
  2. Set up Anonymous User Consent Dialog Text with information that provides rights of the data subject.
  3. If a user requests to be forgotten, anonymize the data.
    Also see Anonymizing User Data.
Validation: If the specified settings are set, status is OK; if not, status is Issues.

Rule: Ch. 3 Section 19 Right to Object to Processing
Description: Confirm that admins and users know privacy TOS behavior.
Steps for complying: To configure users' right to object:
For each policy:
  1. Go to Settings > Policies.
  2. Open the policy for editing.
  3. In the General tab, set Enable Privacy Settings to Yes.
After you have completed this configuration for each policy:
  1. Go to Settings > Misc.
  2. Click the Privacy tab.
  3. Check Show TOS for every login.
    This option forces users to accept the TOS for every login; if users do not want to accept the condition, they can close the TOS. Note that a user who does not accept the TOS cannot log in to the user portal.
Validation: If the specified settings are set, status is OK; if not, status is Issues.

Rule: Ch. 3 Section 20 Right to Data Portability
Description: Confirm admins understand the options to export user files and user activity.
Steps for complying: To configure the right to data portability, ensure the following options work in the admin portal, and then enable this rule.
Exporting a user's file:
  1. In the navigation pane, click Users.
  2. Edit a user.
  3. In the User Details dialog box, click Manage Files, and then click My Files.
  4. Click Download as Zip for a file, and confirm that the zip download works.
Exporting audit log records:
  1. In the navigation pane, click Audit.
  2. In the upper-right corner of the screen, click Manage.
  3. In the Manage Audit Logs dialog box, enter a Start Date and an End Date.
  4. Click Export, and confirm that the file is exported correctly.
Validation: None

Rule: Ch. 3 Section 23 Right to be Informed of Data Breaches
Description: Confirm admins know how to use audit, alert, violation, and event reports to create notification reports.
Steps for complying: To confirm that admins can use audit logs, alerts, and violation reports to generate breach notifications, enable this rule.
Validation: None

Rule: Ch. 4 Section 29 Data Protection Officer
Description: Give at least one admin access to the Compliance Center.
Steps for complying: To enable at least one user to manage the Compliance Center:
  1. Go to Admins and create a role with Compliance access to the Compliance Center.
  2. In Admins, add at least one user to the role with access to the Compliance Center.
Validation: If one or more users have access to the Compliance Center, status is OK; if not, status is Issues.

Rule: Ch. 6 Section 33 Transfers to Third Countries
Description: Confirm that users and admins understand how to use and manage sharing and folder permissions.
Steps for complying: Enable this rule to confirm that users and admins are educated about sharing and folder-level permissions.
Validation: None

Rule: Ch. 6 Section 34 Transfers to International Organizations
Description: Confirm admins understand how to set up encryption and anonymization of data.
Steps for complying: To confirm that admins understand how to use anonymization and encryption, enable this rule.
Validation: None