What are the opinions regarding using Dropbox to receive clients' data and send accounts / returns etc.?
Functionally it seems fine but what about security?
I've never heard of security issues with it. There are concerns from the GDPR point of view as your data won't necessarily be stored in the EEA.
On top of that clients who already use Dropbox have found it difficult to access my own Dropbox. That could be because I'm hopeless at IT of course.
I'm moving everyone to Iris Open Space over the next few months and only keeping Dropbox for backing up my website.
I use it for the same things you do but am moving away from it, as my IT bods reckon it's not secure enough and not GDPR compliant.
Clients do find it easy to use though so things will probably be more difficult going forward.
I was on the paid for version which is supposed to be more secure than the free one.
What reason did they give for saying that Dropbox is not secure and not GDPR compliant? Sounds like nonsense to me but I stand to be corrected.
They advised me that as I also have a professional Office 365 subscription, SharePoint within that would be free and it is also more secure.
I have no idea if it is or isn't, which is why I pay a professional to look after it all, so it's one less thing I have to worry about.
I've used the paid for version for a number of years to send and receive client backups and never had any issues with security.
Only issue I've had is, as Moonbeam mentioned, when I create a folder for a user who already has Dropbox they don't always end up where you think, but it's easily sorted by the client sending a link.
As for GDPR, Dropbox seem to think that they are compliant: https://www.dropbox.com/security/GDPR
I have been using Dropbox for many years together with BoxCryptor, which provides client-side encryption (i.e. the files would be unreadable to anyone within Dropbox or anyone who hacks Dropbox).
Thought this might help. I asked Dropbox to clarify GDPR on our GDPR audit. This is an email from Dropbox support.
From: "Mark (Dropbox Support)"
Date: 30 May 2018 at 17:26:31 GMT+1
To:
Subject: TEAMS: GDPR Urgent
Reply-To: Dropbox Support
Mark, May 30, 9:26 AM PDT:
Hi there,
Thank you for reaching out about this.
Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Professional, and Business.
You can read about our GDPR preparation, as well as our approach to safeguarding your data at our GDPR guidance center:
https://www.dropbox.com/security/GDPR
Please let me know if I can help you with anything else!
Regards,
Mark
Whilst this AI and machine learning is great, what would be much better is if you could send a punch to someone over the internet.
I don't mean a virtual punch either.
Top of my list for the punch emails would be anyone who uses "Reaching Out".
How good would it be if someone who uses these ridiculous phrases opened an email and received a smack in the kisser?
I looked at Dropbox recently re GDPR. The problem I identified was that for Dropbox Basic, Professional and Plus a data processor addendum is not available. They will only provide a DPA if you are using the Business Team version, which for smaller practices may not be an option (per the same Mark in Sarah's post above).
Where we as accountants (data controllers) engage a service like Dropbox (data processors), my reading of GDPR is that article 28 section 3 requires a contract (either as a separate item or as part of the main terms and conditions) which gives certain very specific assurances, e.g. about subprocessors. It seems to me that Dropbox are not doing this (unless you opt for the Business Team edition).
They are not alone in this - I had similar problems with Adobe Sign and I have come across other providers who seem to be blissfully unaware of the requirements.
I remain to be convinced that 'security' can exist at all other than as a figment.
HMG is intent on legislating the concept out of existence.
All '365' systems depend on Azure, owned by Msft. Albeit Microsoft Ltd is a UK registered company, they are (owned by)/(in thrall to) a USA corporation and, as such, are obligated to give Homeland Security [sic] unfettered access on request.
I think 'pretty secure' is the best we can hope for in the 'cloud' - or perhaps 'adequately secure' or 'insurably secure'.