Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
GDPR Compliance for Personal / Free Accounts
Hi, I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc. There is some confusion as to whether the GDPR compliance steps ...
- Hi Tom
As somebody in the UK the biggest thing you need to make sure is that the end users whos data is being stored is aware of it being stored AND that it is stored outside of the EU. Same goes if they email things in they need to know where those email servers are (e.g. Office365 = USA etc.).
Mark
Super User II
Super User IIIt is not incorrect at all.
I'm in the UK and it is acceptable to use things like Safe Harbour to do so as the requirements are based upon the specifics of individuals things may be different (I deal with parents of children in a swim school, not holding massive amounts of personal data etc.).
So, I have informed all my staff and customers that I use Dropbox (and Office365 incidentally), what I store on it, how I store it and how we have risk assessed its safe (e.g. the Safe Harbour compliance etc.) and I'm leaving it at that.
I'm in the UK and it is acceptable to use things like Safe Harbour to do so as the requirements are based upon the specifics of individuals things may be different (I deal with parents of children in a swim school, not holding massive amounts of personal data etc.).
So, I have informed all my staff and customers that I use Dropbox (and Office365 incidentally), what I store on it, how I store it and how we have risk assessed its safe (e.g. the Safe Harbour compliance etc.) and I'm leaving it at that.
First of all a correction, I refered to the statement of Norah, not yours Mark, sorry.
Your situation is different than ours. We share sensitive information with our partners. We have a Business account but most of them can't affort it. Our lawyers states that our customers must also have a Data Processing Agreement with Dropbox, but with their Personal and Free accounts they can't unfortunately.
Cheers,
Auke
- MarkI'm afraid you are stuck then - and I doubt you'll get this with any organisation without paying massive amounts (because to do so is very labour intense).
If they are stating this make sure you are also investigating things like your email providers etc.As far as I can see, Dropbox could either provide a single person business account, or just make the agreement applicable to their other types of accounts. Maybe it is good business for them :sunglasses:
- Ed
Dropbox Staff
Hi All
To add to that:
Our Dropbox Terms of Service and Privacy Policy govern Dropbox Basic, Professional and Plus products while our DPA is only applicable for Dropbox’s Business users. Additionally, Dropbox is bound by the language of the Privacy Policy with respect to Dropbox Business customers and the users on a Dropbox Business team.
While Data Processing Amendments are only for Dropbox Business customers, Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Pro, and Business.
Actually, Google and Mailchimp are providing DPAs to non-fee paying accounts - they use model contract clauses. So I wonder whether Dropbox could also do this?
Dropbox does that too, but only for Business Account holders with a minimum of 3 users. So even if you pay for a Personal account they don't provide anything and small one person businesses are toast
- just about all the email providers that I know of, along with many other service providers, have put this in place very simply and effectively using one of two methods - adding the DPA as an addendum to their T&Cs, or using a standard one for the company which is electronically signed.
