I come to ask advice. In my form I upload a bank file in PDF. This file must be protected.
What will you do to protect this file? Where can I upload this file?
If you upload it somewhere else than in your public folder then it should be fine. However, it should probably be the best idea to upload it somewhere where it is not your responsibility, like for instance AWS S3 storage. Then all you store on your end is a file reference and not the actual file.
Indeed, gone are the days of casually storing anything really, GDPR changed a lot of things - and although it's been a major pain in the ass and taken the best part of a year to get everything I am responsible for in line, I do feel a lot better about everything and it's a great selling point when finding new customers.
While I also avoid Amazon like the plague (shocking ethics) I second the notion of handing the responsibility off to someone else!
If you are determined to store this data yourself then you probably need to encrypt it somehow so not even you can read it at any point in the process. The regulations are a bit vague - but essentially in the event that something goes wrong you need to prove you have done everything you could reasonably be expected to to protect your customers' data.
Sure, as soon as you are no longer storing data it is no longer your responsibility.
I would still check to make sure wherever it is stored it is considered 'compliant' and make sure your part of the application is solid i.e. it's pointless putting data into a secure storage facility if your app is full of holes and lets anyone else get to the data - third party storage is not a get out of jail free card.
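The pattern discussed in this thread (keep the upload out of the public folder, hold only a reference, and make the application check who is asking before handing the file back), as an added example that is not from any poster. The thread names no language, so Python is an assumption; `store_upload`, `fetch_upload`, `PRIVATE_DIR` and the in-memory record table are hypothetical names, and encryption at rest is left out.

```python
import secrets
import tempfile
from pathlib import Path

# Assumption: a directory the web server never serves directly.
PRIVATE_DIR = Path(tempfile.mkdtemp(prefix="private_uploads_"))
MAX_BYTES = 5 * 1024 * 1024  # assumed upload size limit

# Stand-in for a database table: reference -> (owner id, stored path).
_records = {}


def store_upload(owner_id, data):
    """Save an uploaded PDF outside the public folder; return an opaque reference."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF")
    ref = secrets.token_urlsafe(32)       # unguessable, never user-supplied
    path = PRIVATE_DIR / (ref + ".pdf")   # the client's filename is never used
    path.write_bytes(data)
    path.chmod(0o600)                     # readable by the application user only
    _records[ref] = (owner_id, path)
    return ref


def fetch_upload(requester_id, ref):
    """Return the file bytes only to the user who uploaded them."""
    record = _records.get(ref)
    if record is None or record[0] != requester_id:
        # Same error for "missing" and "not yours" so references cannot be probed.
        raise PermissionError("not found")
    return record[1].read_bytes()
```

The same ownership check applies when the file lives in third-party storage: the application looks up the reference and authorizes the requester before fetching or issuing any download link.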