Dropbox for Business adopts ISO 27018 cloud privacy standard

Cloud storage provider Dropbox has announced that Dropbox for Business now adheres to the ISO 27018 standard, which is believed to be one of the first international standards focusing on protecting personal data in public clouds.

The standard, which was published last August as a new component to add to ISO 27001, aims to clarify how data controllers and data processors keep Personally Identifiable Information (PII) private and secure in cloud environments, and also requires adopting cloud providers to be transparent about what they do with the customer data and where they host it.

In a statement the company, which was awarded the certification, which runs until 30 September 2017, by EY CertifyPoint, said the move would give users more confidence in its platform, particularly enterprise users.

“We're pleased to be one of the first companies to achieve ISO 27018 certification,” the company said. “Privacy and data protection regulations and norms vary around the world, and we're confident this certification will help our customers meet their global compliance needs.”

“Businesses in the UK and all over the world are trusting Dropbox to make collaboration easier and boost productivity,” added Dropbox UK manager Mark van der Linden in comments to the press.

“Our ISO 27018 accreditation shows we put users in control of their data, we are transparent about where we store it, and we operate to the highest standards of security. Dropbox is one of the first cloud services for business to be recognised with this latest independently-verified standard.”

Earlier this year, SCMagazineUK.com reported that Microsoft certified Azure, Intune, Office 365 and Dynamics CRM Online under the new ISO standard.