--- title: Data cloud GDPR-compliant? An alternative to Dropbox, Google Drive, One Drive and the like. - isla Studio url: https://isla-stud.io/en/ratgeber/daten-cloud-dsgvo-konform-eine-alternative-zu-dropbox-google-drive-one-drive-und-konsorten/ date: 2021-11-02 --- # Data cloud GDPR-compliant? An alternative to Dropbox, Google Drive, One Drive and the like. For many years, I have integrated the Dropbox cloud service into my infrastructure: all backups, customer assets (graphics, images, text files and documents, Excel lists and database exports) required for the development of web projects were stored in my Dropbox, and it was easy to share data with my customers using the Dropbox sharing functionality. Collaboration on documents was possible and much more. So, as a freelance developer, I bought a business plan with Dropbox: the Professional plan with 3TB of storage and lots of great features. After the new GDPR regulations came into force in the EU in May 2018, I contacted Dropbox customer service to find out how I could use Dropbox as a business customer in a GDPR-compliant manner in future. I was informed that solutions would be made available shortly. In fact, however, they only referred to the EU Privacy Shield agreement and simply did not provide a solution. For companies and individual businesses based in the EU, this ended up being a legal gray area. To this day, Dropbox refers in its data protection guidelines to the EU Privacy Shield, which was declared legally invalid by the ECJ on July 16, 2020. Although EU standard contractual clauses have now been integrated into Dropbox's data protection guidelines, this is unfortunately not enough for Dropbox to be used as a German company. The locations of the servers on which the data is stored must also be in the EU. And it is precisely this data migration to a server in the EU that Dropbox only offers under the following conditions: You must subscribe to at least the Business Standard plan At least 10 users must be booked A subscription with annual billing must be taken out The Dropbox in my Business Professional plan with only one user is not sufficient for this. The annual price for Business Professional is €198.96/year, but the annual price for the above-mentioned minimum tariff for “somehow” GDPR-compliant operation of Dropbox is at least €1,200/year. I only received this information from Dropbox Business Support a few days ago. I then researched ways to still be able to use Dropbox in a GDPR-compliant manner - even without having my data migrated to the EU. I found a very promising tool called Boxcryptor. Boxcryptor first encrypts the data before storing it in Dropbox. The operating company has its headquarters and server location in Germany, an ISO/IEC 27001:2013-certified data center and can also securely encrypt the data that is to be stored in iCloud, Microsoft OneDrive, Google Drive and many other US cloud providers (currently 30 providers are supported) in advance, thus protecting it from unauthorized access. Info about Boxcryptor Boxcryptor also offers a sharing service that makes it possible to share encrypted files via a share link - very similar to the native Dropbox file sharing function. Boxcryptor's sharing service is called Whisply and is browser-based. In itself a great idea and very functional. But I found this “workaround” cumbersome during testing. And my customers were still not guaranteed an EU server location. However, some insisted on this. So there was only one option for me: ditch Dropbox and store my work data on a self-hosted server in Germany. So I went in search of an open source cloud storage script that would has a sharing feature on board, that I can run on my own server, that is accessible from my other devices via app and ensures flawless synchronization. My software solution is called “Seafile”. Up to a maximum of 3 users can use the Pro version with a free license. But Seafile is also interesting for small and larger teams in terms of price. I registered a user account on seafile.com and thus gained access to the source files, the Github repository of Seafile and the extensive documentation. I then set up a LEMP stack on one of my root servers at Netcup GmbH (simply enter the voucher code for new customers worth € 5 during the ordering process: 36nc16160577660) in Karlsruhe for use with Seafile: Ubuntu 20.04 LTS, Nginx, MariaDB, a subdomain with a proxy setup for Seafile, PHP 7.4 and 8.x were also installed alongside the Python libs required for the tool. I then installed Seafile on the prepared server and put my new GDPR-compliant company cloud into operation. I removed all the data from my Dropbox, moved the data on my local computer to the new Seafile directory and started the synchronization. Both the installation and the setup went smoothly and without any problems. Addendum on 18.11.2021: Even now, after some productive use, I am still very satisfied with this solution. It works flawlessly and is even much faster and better performing when syncing than my Dropbox ever was. Addendum on 21.03.2023: In the meantime, I have found a data protection-compliant cloud solution for less tech-savvy users. The product Storage Share from Hetzner - e.g. 5TB pre-installed Nextcloud for only € 16.89 / month. What do you think of these solutions? How have you solved the cloud storage issue in your company? I look forward to your answers in the comments section.