GDPR Compliance for Personal / Free Accounts

TomMacD89
Explorer | Level 3
Hi,

I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc.

There is some confusion as to whether the GDPR compliance steps that Dropbox have made apply to these accounts or only to those on Dropbox Business.

Could this be clarified please?
71 Replies

aukevn
Helpful | Level 7

The EU GDPR clearly states that you need a Data Processing Agreement with all those who process our data. Therefore businesses in Europe cannot use a Dropbox Free or Personal account to store personal data, as Dropbox will not 'sign' such agreements with those customers. Our legal advisor confirms that, and Dropbox has admitted this is the case and 'advises' to upgrade to a Business Account.

SouthHams
New member | Level 2

I am involved in a similar charity organisation. I am concerned about the location of the files I have containing personal information. From the ICO website I note the following:

 

"At a glance

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations.

These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.

In brief

When can personal data be transferred outside the European Union?

Personal data may only be transferred outside of the EU in compliance with the conditions for transfer set out in Chapter V of the GDPR."

 

Could you give guidance please?

 

SouthHams

aukevn
Helpful | Level 7

Our legal advisor tells us storing outside the US is not the issue, as long as they comply with the GDPR and provide a DPA

Ed
Dropbox Staff
Hi All

To add to that:
Our Dropbox Terms of Service and Privacy Policy govern Dropbox Basic, Professional and Plus products while our DPA is only applicable for Dropbox’s Business users. Additionally, Dropbox is bound by the language of the Privacy Policy with respect to Dropbox Business customers and the users on a Dropbox Business team.

While Data Processing Amendments are only for Dropbox Business customers, Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Pro, and Business.



Ed G
Community Manager @ Dropbox
https://dropbox.com/support


aukevn
Helpful | Level 7

Sorry Ed, you can't state that you will meet all requirements. If you don't provide DPAs, you don't comply with the GDPR for any business using Free or Personal accounts to store personal data. No matter how many security measures you take or privacy policies you write.

One simple agreement would solve that, but up to now your company is unwilling to provide this. It seems this is driven more by the desire for more profit than any technical reason, since you state that everything is in place by the GDPR.

noerpol
Helpful | Level 5

I am a Dropbox Plus customer, and I was searching everywhere on dropbox.com for the DPA. I couldn't understand why it was so difficult to find, until I finally found (stumbled upon) this thread.

I don't understand why a DPA is not available to ALL (or at least all paying) users, and why it is so difficult to get good valid information regarding acquiring a DPA from Dropbox.

GDPR clearly states that I need a DPA to be compliant with the law, and for now the only solution seems to be an upgrade to business. As I really don't think I'll be able to afford that in the long run, I feel kinda let down by a service I have been using and promoting to others for many years 😞

oobayly
New member | Level 2

It does appear to be a cynical move by companies to force customers to pay more by only providing a DPA for business accounts (which will remain completely under utilised).

 

I store 1.8GB of data (most of which are PDF raster scans for our purchase ledger). I don't need 2TB, I don't need 3 users, I don't need API access. In fact I need very little of what Dropbox Business provides.

 

I use Dropbox to store documents in a manner that I can access from multiple locations, that's it. Rather than offering a simple solution to small businesses and sole traders who only need a single user,  Dropbox are saying "Pay for our business solution, that you'll completely under-utilise", or don't use us at all.

 

I'll be opting for the latter, and not using it at all...

 

 

claires
Helpful | Level 5

@JB13 wrote:

Actually, Google and Mailchimp are providing DPAs to non-fee paying accounts - they use model contract clauses. So I wonder whether Dropbox could also do this?



Hi JB13 - could you point me in the direction of the info for a DPA on Google non-fee paying accounts? It's something I haven't managed to find.

 

many thanks!

 

Claire

claires
Helpful | Level 5

@Ed wrote:
Hi All

To add to that:
Our Dropbox Terms of Service and Privacy Policy govern Dropbox Basic, Professional and Plus products while our DPA is only applicable for Dropbox’s Business users. Additionally, Dropbox is bound by the language of the Privacy Policy with respect to Dropbox Business customers and the users on a Dropbox Business team.

While Data Processing Amendments are only for Dropbox Business customers, Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Pro, and Business.

So, what I take from this is that business users can have a DPA - which allows them to use Dropbox to store personal data they are controllers for. If you have a basic account - Dropbox will be GDPR compliant in terms of what they have to do to store our details, i.e. Dropbox customers' data who are from the EU (not personal data that their customers are controllers of).

aukevn
Helpful | Level 7

They are compliant as far as individual users are concerned, but not if you use their service for work-related items. So Dropbox cannot be used by contractors/people who are self-employed or small businesses who do not require 3 user accounts.
