
Re: GDPR Compliance for Personal / Free Accounts

Is Dropbox plus GDPR compliant?

AnitaP
New member | Level 2

Hi

I currently store client information I work on via my Dropbox Plus account. Please would you confirm that Dropbox Plus meets the GDPR criteria that everyone is rushing to comply with at the moment? I understand that Dropbox Business is, but it is not expressly stated that my files in the Plus account would be treated in the same secure way. I do not need a Business account as the Plus account serves my needs.

Please would you confirm that the data storage services you offer on Dropbox Plus comply with the EU/US Privacy Shield?

Re: Is Dropbox plus GDPR compliant?

Mark
Super User II
Hi Anita

Have a look at https://www.dropboxforum.com/t5/Sharing-and-collaboration/GDPR-Compliance-for-Personal-Free-Accounts...

Dropbox IS GDPR compliant, but, like most of this stuff, it's based upon your own Risk Assessments.

I am using Dropbox to store information on my business (swim school enrolments, first aid course records and employee information) and have been told as long as I am clear with the customers and clients where and how I store it that is fine. It is the same with emails (think Office365/Hotmail or Gmail) as you'll never get them to send you a personal contract of compliance. There has to be a bit of common sense applied to things.

My legal and HR teams are quite happy with the continued use of Dropbox based upon its updated Safe Harbour compliance and, as I said above, informing people what I do with their data.

 




 

Re: GDPR Compliance for Personal / Free Accounts

JB13
New member | Level 2

Actually, Google and Mailchimp are providing DPAs to non-fee paying accounts - they use model contract clauses. So I wonder whether Dropbox could also do this?

Re: GDPR Compliance for Personal / Free Accounts

aukevn
Helpful | Level 7

Dropbox does that too, but only for Business Account holders with a minimum of 3 users. So even if you pay for a Personal account they don't provide anything and small one-person businesses are toast.

Re: GDPR Compliance for Personal / Free Accounts

louisebeattie
Helpful | Level 5

It would seem rather short-sighted not to make a simple electronic agreement available for personal and plus account holders in the way that Evernote and many other large companies are doing.

A business account just doesn't make sense for me, and my solicitor has advised me that I do need a DPA agreement or should stop using the service.

Re: GDPR Compliance for Personal / Free Accounts

aukevn
Helpful | Level 7

I agree. It took me about 5 emails to get Dropbox support to say clearly that "yes, Basic and Personal accounts can't get a DPA". I have asked them to reconsider, but as they try to get us on their Business accounts I don't expect them to change. When I asked if they could guarantee my data to be stored in Europe rather than the US, their answer was that it can be negotiated if you have more than 250 users. Up there in the clouds..

Re: GDPR Compliance for Personal / Free Accounts

KWCS
New member | Level 2
They are going to lose LOADS of EU customers if they don't / can't provide a general DPA for non-business account holders (me being one of them, as I too keep all my business docs on Dropbox, but run a micro / one-man-band business).
I agree with you @aukevn, it must surely be in their own interest to do this or supply a 1-user Business plan. Seems they are cutting off their nose to spite their face here!

Re: GDPR Compliance for Personal / Free Accounts

Norah
Dropboxer
 
Hi aukevn, JB13, louisebeattie, KWCS, I hope you’re doing great! 
 
@aukevn and @JB13, I ran a small search on my end and I can see that your cases are being handled by a higher level of Support.
 
I truly understand your concern and I will make sure your comments are passed along to the appropriate department.
 
In case you have any further inquiries, let me know here and I'll check back with you.
 
Have a great day ahead!



Norah
Moderator @ Dropbox
https://dropbox.com/support



Re: GDPR Compliance for Personal / Free Accounts

aukevn
Helpful | Level 7

Thanks Norah, I really hope Dropbox will change this. Currently the statement that the Basic and Personal accounts comply with the GDPR is false.

 

Kind regards,

Auke

Re: GDPR Compliance for Personal / Free Accounts

Mark
Super User II

It is compliant - from all of the legal advice I've been given for my own personal businesses they are compliant. The biggest risk we have is from my devices so that's where we had to tighten things up.

As Dropbox is part of the US Privacy Shield it is more than robust to use:
https://www.privacytrust.com/privacyshield/gdpr-vs-privacy-shield.html
https://www.transatlantic-lawyer.com/2018/03/is-privacy-shield-gdpr-compliant/

I do think a lot of this is because the guidance is so woolly around what we can and cannot do though. I honestly think it's going to be one of these regulations that's going to dramatically change due to court cases or similar over the next few years (with big companies, not us small fry) when things like TalkTalk happen (again!) and that we need to keep an eye on the Privacy Shield thing above as that is likely to be dramatically updated.


 




 
