Is Dropbox plus GDPR compliant?

GDPR Compliance for Personal / Free Accounts

TomMacD89
Explorer | Level 3
Hi,

I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc.

There is some confusion as to whether the GDPR compliance steps that Dropbox have made apply to these accounts or only to those on Dropbox Business.

Could this be clarified please?
71 Replies

AnitaP
New member | Level 2

Hi

I currently store client information I work on via my Dropbox Plus account. Please would you confirm that Dropbox Plus meets the GDPR criteria that everyone is rushing to comply with at the moment? I understand that Dropbox Business is, but it is not expressly stated that my files in the Plus account would be treated in the same secure way. I do not need a Business account as the Plus account serves my needs.

Please would you confirm that the data storage services you offer on Dropbox Plus comply with the EU/US Privacy Shield?

Mark
Super User II
Hi Anita

Have a look at https://www.dropboxforum.com/t5/Sharing-and-collaboration/GDPR-Compliance-for-Personal-Free-Accounts...

Dropbox IS GDPR compliant, but, like most of this stuff, it's based upon your own Risk Assessments.

I am using Dropbox to store information on my business (swim school enrolments, first aid course records and employee information) and have been told as long as I am clear with the customers and clients where and how I store it that is fine. It is the same with emails (think Office365/Hotmail or Gmail) as you'll never get them to send you a personal contract of compliance. There has to be a bit of common sense applied to things.

My legal and HR teams are quite happy with the continued use of Dropbox based upon its updated Safe Harbour compliance and, as I said above, informing people what I do with their data.


JB13
New member | Level 2

Actually, Google and Mailchimp are providing DPAs to non-fee paying accounts - they use model contract clauses. So I wonder whether Dropbox could also do this?

aukevn
Helpful | Level 7

Dropbox does that too, but only for Business Account holders with a minimum of 3 users. So even if you pay for a Personal account they don't provide anything, and small one-person businesses are toast.

louisebeattie
Helpful | Level 5

It would seem rather short-sighted not to make a simple electronic agreement available for personal and plus account holders in the way that Evernote and many other large companies are doing.

A business account just doesn't make sense for me, and my solicitor has advised me that I do need a DPA agreement or should stop using the service.

aukevn
Helpful | Level 7

I agree. It took me about 5 emails to get Dropbox support to say clearly that "yes, Basic and Personal accounts can't get a DPA". I have asked them to reconsider, but as they try to get us on their Business accounts I don't expect them to change. When I asked if they could guarantee my data to be stored in Europe rather than the US, their answer was that it can be negotiated if you have more than 250 users. Up there in the clouds...

KWCS
New member | Level 2
They are going to lose LOADS of EU customers if they don't / can't provide a general DPA for non-business account holders (me being one of them, as I too keep all my business docs on Dropbox, but run a micro / one-man-band business).
I agree with you @aukevn, it must surely be in their own interest to do this or supply a 1-user Business plan. Seems they are cutting off their nose to spite their face here!

Norah
Dropbox Staff

Hi aukevn, JB13, louisebeattie, KWCS, I hope you're doing great!

@aukevn and @JB13, I ran a small search on my end and I can see that your cases are being handled by a higher level of Support.

I truly understand your concern and I will make sure your comments are passed along to the appropriate department.

In case you have any further inquiries, let me know here and I'll check back with you.

Have a great day ahead!
aukevn
Helpful | Level 7

Thanks Norah, I really hope Dropbox will change this. Currently the statement that the Basic and Personal accounts comply with the GDPR is false.

Kind regards,

Auke

Mark
Super User II

It is compliant - from all of the legal advice I've been given for my own personal businesses they are compliant. The biggest risk we have is from my devices, so that's where we had to tighten things up.

As Dropbox is part of the US Privacy Shield it is more than robust to use:
https://www.privacytrust.com/privacyshield/gdpr-vs-privacy-shield.html
https://www.transatlantic-lawyer.com/2018/03/is-privacy-shield-gdpr-compliant/

I do think a lot of this is because the guidance is so woolly around what we can and cannot do though. I honestly think it's going to be one of these regulations that's going to dramatically change due to court cases or similar over the next few years (with big companies, not us small fry) when things like TalkTalk happen (again!), and that we need to keep an eye on the Privacy Shield thing above as that is likely to be dramatically updated.
