Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
GDPR Compliance for Personal / Free Accounts
Hi,
I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc.
There is some confusion as to whether the GDPR compliance steps that Dropbox have made apply to these accounts or only to those on Dropbox Business.
Could this be clarified please?
I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc.
There is some confusion as to whether the GDPR compliance steps that Dropbox have made apply to these accounts or only to those on Dropbox Business.
Could this be clarified please?
- Hi Tom
As somebody in the UK the biggest thing you need to make sure is that the end users whos data is being stored is aware of it being stored AND that it is stored outside of the EU. Same goes if they email things in they need to know where those email servers are (e.g. Office365 = USA etc.).
71 Replies
Replies have been turned off for this discussion
- I have been a paid Dropbox user for many years and when I first signed up my account type was called Pro and this was only changed last year. Pro to me meant professional and I do use it for business and I need a DPA in place with all of my providers who are data processors/store personal data.
As a long term paid client, on what I believed to be a Pro account, the Dropbox stance is extremely disappointing. It's not that I can't afford a business Dropbox account, however, it is the fact that the Business account doesn't fit my needs, I don't have a team of three and as a business owner there is no business sense in paying for a service that I don't require just to get a DPA in place when there are other providers who meet my requirements and offer a DPA.
I really do not understand Dropbox' logic in this. They are alienating many long-term paying clients because they have chosen not to implement something that could be done very easily and cost-effectively by adding the DPA as an addendum to the T&C.
I see no indication from Dropbox that they are re-considering this stance which leads me to assume that they are obviously not interested in having solopreneurs, freelancers etc as clients.
I have already found good alternatives and am already in the process of uploading my data, which is a pain with my slow internet connection, however, unless there is a change in policy soon I will be cancelling my account before renewal after 7 years as a happy client. Hi Ed,
thank you so much.
AS
- pCloud will be implementing a DPA, Tresorit, I believe Google Drive but don't know for sure.
Hi all on this thread, which I have come to as my small Social Enterprise is looking into how we implement the GDPR. Looking at everything said here has made me think I will look for an alternaive to Drop Box - at the moment I use a paid for Plus account but its not a business account - and therefore does not do what I need it to do to ensure my organisation's is compliant with the law in the EU with regards a DPA.
- What alternative service have you chosen? I'm sure we're many who consider to follow the same path...
I have chosen pCloud - they are in the process of putting together a DPA for their clients at my request, and it is with their legal team just now. Service to date has been excellent and very responsive.
Thanks Louisebeattie. Do you know if this is for their free accounts or their premium or business accounts?
you would have to ask, I have a lifetime deal via appsumo.
Just been on pClouds live chat and this is their response:-
"With its IaaS business model, pCloud provides storage infrastructure for your files, but does not process the information, contained in them. In other words, you may store your data subjects' personal information in pCloud for Business, but we in no way index, access or use this information in its plain form. Therefore, you don't need a DPA between your organization and pCloud AG."
I'm not sure they truely understand GDPR.
They have however escalated my query to management.
We have on one the side cloud services, that offer DPA, where I assume that European cloud services do, and I am already checking out the German market. On the other hand are we, who want to store personal information in the cloud, as far as I understand still obliged to encode our files. It isn't all that easy with responsibilty and cloud.
But, yes, we need a DPA, and yes, I would personally not set on it, that all companys outside GDPR territory have a full grasp of the subject when we ask in.
