Europe’s General Data Protection Regulation (GDPR), a European Union regulation that marks a significant change to the existing framework for processing personal data in the EU, comes into effect exactly one year from today. As the important date draws nearer, IT and business leaders are increasingly focused on the real-world implications of the new European data protection framework.
Where the GDPR was once a topic of interest mainly to lawyers and policy experts, it’s now a priority for businesses of all kinds, from major corporates to SMEs.
At Dropbox, we are committed to the privacy and security of our users’ data. We have strong data protection and security measures in place (including ISO 27018 certification), so we are already well positioned to meet many of the obligations of the GDPR and are on the way to full compliance in advance of 25 May 2018. But even with a head start, complying with the GDPR is a major undertaking that requires a great deal of preparation at all levels of our business. From our own experience and from talking to our customers, we fully appreciate the scale of the exercise.
The GDPR aims to encourage companies to rethink their approach to data protection, so its impact is far-reaching. Complying with the new framework will require businesses to examine and possibly make changes to how their IT systems are engineered, how products are developed and marketed, how they work with suppliers and, of course, their security strategies.
Over the next few months, we’ll be providing some helpful explanations of GDPR principles to assist with our customers’ due diligence and compliance preparation, such as working with their suppliers and ensuring privacy by design.
We are also looking for GDPR compliance journey stories to feature on the Dropbox Business Blog. If you have an experience you would like to share, do get in touch.