The General Data Protection Regulation (GDPR)

The General Data Protection Regulation, or GDPR, is an EU regulation that establishes a legal framework to protect the personal data of EU data subjects. The GDPR is the most significant piece of European data protection legislation since the EU Data Protection Directive of 1995, and many companies—including Dropbox—that do business in Europe have invested heavily in GDPR compliance.
 

The GDPR harmonizes data protection laws across Europe, and brings them up to speed with the rapid technological change that has occurred in the past two decades. It builds upon past legal frameworks in the EU, including the EU Data Protection Directive, and introduces new obligations and liabilities for organizations that handle personal data, as well as new rights for individuals in respect of their personal data. Organizations that are established in the EU, as well as organizations that process personal data of EU data subjects, are required to comply with the GDPR.

How does Dropbox comply with the GDPR?

Dropbox is committed to the security and the protection of our users' data in line with legal requirements and best practices at all times. In line with our commitment to our users, we have worked hard to ensure that Dropbox is GDPR compliant, including appointing a Data Protection Officer; re-architecting our privacy program to ensure that users can exercise their data subject rights; documenting our data processing activities; and bolstering our internal processes in the event of a security breach.

We continue to make adjustments to ensure that, as further guidance continues to emerge from data protection authorities, our process and practices meet or exceed specific elements of the GDPR.

More information about Dropbox’s privacy practices can be found in the Dropbox Trust Center.

Learn more about the Dropbox Trust Center.