Adding a new Regulation

4Comply includes default regulations for GDPR, CASL, and CCPA, plus a fallback regulation, “No Current Reg.” You can also create new regulations using the API.

Create Regulation

When creating a new regulation, 4Comply creates an empty Regulation Configuration.

To create a new regulation, send a request to the POST /regulations endpoint with a JSON object that includes name and note.

{
	"name": "TestReg",
	"long_name": "Test Regulation",
	"note": "Test Regulation Notes",
	"enabled": true
}

This endpoint is described in the API reference.

Next, you must update the Regulation Configuration to suit the regulation processing.

Update Regulation Config

Each regulation requires some configuration elements that define how 4Comply processes consent and permissions.

The configuration can be updated using the regulation endpoint PUT /regulation/{id}/config.

The configuration request has the following elements in JSON format:

  • RegulationId
  • Config
    • derived_permission_types: An array of the permission types supported by the regulation
    • processing_purposes: A JSON array of the processing purposes supported
    • permission_category_translation: Identifies how the category must be displayed in the regulation section. It only affects the UI.
    • processing_purpose_translation: Identifies how the processing purposes must be displayed in the regulation section. It only affects the UI.

The following example is taken from the GDPR regulation:

{
    "regulationID": "Id",
    "config": {
        "derived_permission_types": [{
                "name": "Process Data",
                "explicit_permission_types": [
                    "Process Data",
                    "Communicate - SMS",
                    "Communicate - email",
                    "Communicate Electronically"
                ],
                "expiry_behavior": "delete",
                "default_permission_value": "no"
            }, {
                "name": "Communicate - email",
                "explicit_permission_types": [
                    "Process Data",
                    "Communicate - email",
                    "Communicate Electronically"
                ],
                "expiry_behavior": "delete",
                "default_permission_value": "no"
            }
        ]
    },
    "processing_purposes": [{
            "name": "Asset download with consent",
            "ttl_months": 60,
            "consent_requirement": true,
            "permission_category": "Consent"
        }, {
            "name": "Asset download without consent",
            "ttl_months": 3,
            "consent_requirement": false,
            "permission_category": "Legitimate Interest"
        }
    ],
    "permission_category_translation": "Basis for Processing",
    "processing_purpose_translation": "Processing Purpose"
}

You can refer to the API Reference for more information.
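
A local pre-flight check for a Regulation Configuration payload, run before sending it to the config endpoint. This is an added example, not part of 4Comply or its documentation. The function name lint_regulation_config, the sample payload, and the review rules (a default of "no", a positive ttl_months, a derived type listing its own name) are assumptions for illustration.

```python
import json

# Constructed sample payload (not 4Comply data); keys follow the page's example.
SAMPLE = '''{
  "regulationID": "Id",
  "config": {"derived_permission_types": [
    {"name": "Communicate - email",
     "explicit_permission_types": ["Process Data"],
     "expiry_behavior": "delete", "default_permission_value": "yes"}]},
  "processing_purposes": [
    {"name": "Asset download without consent", "ttl_months": 0,
     "consent_requirement": false, "permission_category": "Legitimate Interest"}],
  "permission_category_translation": "Basis for Processing"
}'''

REQUIRED = ("derived_permission_types", "processing_purposes",
            "permission_category_translation", "processing_purpose_translation")

def lint_regulation_config(text):
    """Return review findings for a config payload; an empty list means clean."""
    try:
        doc = json.loads(text)  # rejects trailing commas and other syntax errors
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict) or not isinstance(doc.get("config", {}), dict):
        return ["payload and its config element must be JSON objects"]
    # The page lists every element under Config, while its example places some
    # at the top level, so both locations are accepted here (assumption).
    merged = {**doc, **doc.get("config", {})}
    findings = [f"missing element: {key}" for key in REQUIRED if key not in merged]
    for dpt in merged.get("derived_permission_types", []):
        name = dpt.get("name")
        # Review rule inferred from the page's example (assumption): each derived
        # type lists its own name among its explicit_permission_types.
        if name not in dpt.get("explicit_permission_types", []):
            findings.append(f"{name}: own name absent from explicit_permission_types")
        # Local policy (assumption): a missing record must not imply permission.
        if dpt.get("default_permission_value") != "no":
            findings.append(f"{name}: default_permission_value is not 'no'")
    for purpose in merged.get("processing_purposes", []):
        ttl = purpose.get("ttl_months")
        if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
            findings.append(f"{purpose.get('name')}: ttl_months must be a positive integer")
        if not isinstance(purpose.get("consent_requirement"), bool):
            findings.append(f"{purpose.get('name')}: consent_requirement must be true or false")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_regulation_config(SAMPLE)))
```

An empty result means the payload parsed and passed these local rules; it says nothing about what the 4Comply API itself accepts.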