With GDPR coming into effect 25th May 2018, new legal obligations come into force for companies and organisations in terms of how they handle and treat personal data supplied by customers and prospects. If you are using Dropbox at the moment for your business to store and share files, then here are 6 Things to Keep in Mind if Using Dropbox Post GDPR:
Control where your data is and how it’s stored, shared and accessed
1. Dropbox is Multi Tenanted
You’re sharing your cloud space with many other businesses and individuals by using Dropbox. Even though you log in with your own password, you are on a shared space.
2. Does Using Dropbox Fit With Your Brand and Reputation?
Does your organisation want its customers to know that you are using a multi-tenanted solution like Dropbox to store their personal data? Does it fit with your brand? This is of course a decision every business needs to make for itself.
But if customers were to find out that their personal data is being kept on a multi-tenanted solution, is that something that would bother them and cause potential reputational damage to your organisation?
3. Do You Know Where Your Data is Actually Being Stored?
If you are storing and sharing any customer data on Dropbox, you need to know exactly where that data is being kept by Dropbox on their servers because GDPR now requires you to be able to report to people if their data is being stored in the EEA or outside the EEA.
4. GDPR Compliance is Complex in the Cloud
There are no two ways about it: GDPR compliance is complex in the cloud. We like tools like Dropbox and Google Drive because they are convenient and easy to use. However, now that we have to look after customers’ personal data much more stringently to avoid fines, knowing the ins and outs of exactly where that data is being kept is complex.
5. The 30 Day Subject Access Timescale Might Be Tricky to Meet
GDPR now requires that all Data Subject Access Requests are completed within 30 days. How will you ensure you can meet the 30 day Subject Access Request timeline if you need to refer a data request to Dropbox? How quickly will they respond so that you can respond to your SAR?
6. Sharing from Dropbox is Easy But Is It Encrypted and Secure?
When you share a file containing personal data that is stored on Dropbox with another party, do you typically generate a file link and email it to them? Or maybe you share the link via a messenger app?
Can you say with authority how secure this sharing process is? Do you know how well encrypted the email you are using is? Where is the security built into that process?
Being aware of these 6 things if you are using Dropbox means you can start to put in place processes and checks to make sure that you are GDPR compliant.
Of course we are biased, but Rinodrive offers secure encrypted dedicated storage as well as encrypted sharing that is not open to the cloud or open to hacking.