The General Data Protection Regulation 2016/679, or GDPR, is a European Union regulation that marks a significant change to the existing framework for processing personal data of individuals in the EU. The GDPR introduces a series of new or enhanced requirements that will apply to companies like Dropbox which handle personal data. It takes effect on 25 May 2018 and will replace the current EU Directive 95/46 EC, better known as the Data Protection Directive.
What are Dropbox’s plans for compliance with the GDPR?
Dropbox is committed to the security and the protection of our users' data in line with legal requirements and best practices at all times. As detailed in our Trust Guide and demonstrated by our existing practices, which are ISO/IEC 27018:2014 certified, we already conform with many of the provisions of the GDPR. In line with our commitment to our users, we are continuing to build and execute on our detailed GDPR compliance plans and are on the way to full compliance in advance of 25 May 2018. We are also making adjustments to ensure that, as further guidance continues to emerge from data protection authorities, our process and practices meet or exceed specific elements of the new rules.