TomMacD89
7 years ago
Explorer | Level 3
GDPR Compliance for Personal / Free Accounts
Hi, I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc. There is some confusion as to whether the GDPR compliance steps ...
- 7 years ago
Hi Tom
As somebody in the UK the biggest thing you need to make sure is that the end users whose data is being stored are aware of it being stored AND that it is stored outside of the EU. Same goes if they email things in: they need to know where those email servers are (e.g. Office365 = USA etc.).
Norah
Dropbox Staff
Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Professional, and Business.
You can read about our GDPR preparation, as well as our approach to safeguarding your data at our GDPR guidance center.
I hope this helps!
aukevn
7 years ago
Helpful | Level 7
Hi Norah,
The information given here confuses me. Your product support told me I need to upgrade from a personal account to a business account to comply with the GDPR and have the proper agreement in place. Can you please clarify if this is indeed necessary? We share sensitive data with hundreds of partners, most of whom are very small (one person) businesses. I need to know if their free or personal accounts will be compliant with the GDPR.
Kind regards,
Auke
- Mark
7 years ago
Super User II
Have you read the links supplied, Aukevn?
It depends what you need Dropbox to be doing in order for you to decide if it is compliant or not. Dropbox on its own IS compliant because of how the data is stored etc. But, if you deem you need additional controls (maybe access logs etc.) then you will need a higher package than a Free or Personal account.
- aukevn
7 years ago
Helpful | Level 7
Yes, and I found out your statement about the Personal and Free accounts is WRONG!!!
In order to comply with the regulations, you need to sign a Data Protection Agreement with all your business partners who process customer data. Dropbox only offers this to Business Accounts. So even though you may store the data of the Personal and Free accounts in compliance with the law, by not allowing your customers with these accounts to sign an agreement they can't comply and can't use Dropbox to store business data that contains personal data of customers.
For large organizations, your Business account is a solution, but we have over 100 business customers who are independent contractors. They can't afford to pay the 3 accounts you require as a minimum for the Business account (they would need only 1), so they can't use Dropbox anymore.
Kind regards,
Auke
- Mark
7 years ago
Super User II
It is not incorrect at all.
I'm in the UK and it is acceptable to use things like Safe Harbour to do so as the requirements are based upon the specifics of individuals things may be different (I deal with parents of children in a swim school, not holding massive amounts of personal data etc.).
So, I have informed all my staff and customers that I use Dropbox (and Office365 incidentally), what I store on it, how I store it and how we have risk assessed it's safe (e.g. the Safe Harbour compliance etc.) and I'm leaving it at that.