GDPR Compliance for Personal / Free Accounts

TomMacD89
Explorer | Level 3
Hi,

I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc.

There is some confusion as to whether the GDPR compliance steps that Dropbox have made apply to these accounts or only to those on Dropbox Business.

Could this be clarified please?
Accepted Solutions

Mark
Super User II
Hi Tom

As somebody in the UK the biggest thing you need to make sure is that the end users whose data is being stored are aware of it being stored AND that it is stored outside of the EU. Same goes if they email things in: they need to know where those email servers are (e.g. Office365 = USA etc.).

 



Norah
Dropbox Staff
 
Hi TomMacD89, thanks for checking in!
 
Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Professional, and Business.
 
You can read about our GDPR preparation, as well as our approach to safeguarding your data at our GDPR guidance center.
 
I hope this helps!



Norah
Moderator @ Dropbox
https://dropbox.com/support



aukevn
Helpful | Level 7

Hi Norah,

 

The information given here confuses me. Your product support told me I need to upgrade from a personal account to a business account to comply with the GDPR and have the proper agreement in place. Can you please clarify if this is indeed necessary? We share sensitive data with hundreds of partners, most of whom are very small (one person) businesses. I need to know if their free or personal accounts will be compliant with the GDPR.

 

Kind regards,

Auke

Mark
Super User II
Have you read the links supplied Aukevn?

It depends what you need Dropbox to be doing in order for you to decide if it is compliant or not. Dropbox on its own IS compliant because of how the data is stored etc. But, if you deem you need additional controls (maybe access logs etc.) then you will need a higher package than a Free or Personal account.

 




 

aukevn
Helpful | Level 7

Yes, and I found out your statement about the Personal and Free accounts is WRONG!!!

 

In order to comply with the regulations, you need to sign a Data Protection Agreement with all your business partners who process customer data. Dropbox only offers this to Business Accounts. So even though you may store the data of the Personal and Free accounts in compliance with the law, by not allowing your customers with these accounts to sign an agreement they can't comply and can't use Dropbox to store business data that contains personal data of customers.

 

For large organizations, your Business account is a solution, but we have over 100 business customers who are independent contractors. They can't afford to pay the 3 accounts you require as a minimum for the Business account (they would need only 1), so they can't use Dropbox anymore.

 

Kind regards,

Auke

 

 

Mark
Super User II
It is not incorrect at all.

I'm in the UK and it is acceptable to use things like Safe Harbour to do so. As the requirements are based upon the specifics of individuals, things may be different (I deal with parents of children in a swim school, not holding massive amounts of personal data etc.).

So, I have informed all my staff and customers that I use Dropbox (and Office365 incidentally), what I store on it, how I store it and how we have risk assessed it's safe (e.g. the Safe Harbour compliance etc.) and I'm leaving it at that.

 




 

aukevn
Helpful | Level 7

First of all a correction, I referred to the statement of Norah, not yours Mark, sorry.

 

Your situation is different than ours. We share sensitive information with our partners. We have a Business account but most of them can't afford it. Our lawyers state that our customers must also have a Data Processing Agreement with Dropbox, but with their Personal and Free accounts they can't unfortunately.

 

Cheers,

Auke

 

Mark
Super User II
I'm afraid you are stuck then - and I doubt you'll get this with any organisation without paying massive amounts (because to do so is very labour intense).

If they are stating this make sure you are also investigating things like your email providers etc.

 




 

aukevn
Helpful | Level 7

As far as I can see, Dropbox could either provide a single person business account, or just make the agreement applicable to their other types of accounts. Maybe it is good business for them :sunglasses:
