1. sco
  2. General features
  3. Saturday, 25 January 2020
  4.  Subscribe via email

Hi Brothers, 

Thanks a lot for all your work. 

Actually Dropbox is used as main solution to store our data. 

Here ...somewhere in france, we are changing ou store solution form DropBax to MEGA which is more secure (data are not stored in US, so RGPD and encryption are enforced). 

Are you thinking or planned a futur setup allowing to configure the cloud storage solution ? 

thanks in advance for your time and answer. 

best regards 

Stefan Coursier - France - Montauban 

Comment
There are no comments made yet.
Marc
Members
Accepted Answer Pending Moderation
0
Votes
Undo

I am reading quite a few of these posts. So what I am writing now is not as an answer to SCO's question, but a general remark. I am not calling myself an expert on GDPR, but I spent quite some time around it, because of the work I do.

And honestly I believe all this talk about Dropbox being outside the EU or not encrypted is irrelevant to the GDPR. (I think it is relevant, but not to the GDPR). Some services (including Dropbox Business account) will encrypt your files and store them in e.g. Germany or Switzerland. That would fix location and encryption, and maybe create some peace of mind, but we shouldn't think then all of a sudden GDPR is fixed. Let me explain why I think so.

The GDPR specifies that Data Controller (congregation) and Data Processor (in this case cloud storage provider) have a Data Processing Agreement. It doesn't matter where the data physically are and how well they are protected or not. (At my place of work, when we run into a software problem, we may call the helpdesk for our dedicated business software. The IT people couldn't care less about the clients' data, but when they call in through Teamviewer, they can view them. Viewing according to GDPR amounts to processing. So they become our Data Processor and the whole thing cannot be done without DPA.)

I would be highly surprised if you could get any cloud storage provider ('processor')  to sign a DPA with your congregation ('controller') whether that is pCloud in Switzerland, MEGA (which is Google, right?), Strato in Germany, or Dropbox for that matter.

I know all these parties call themselves GDPR compliant. They would need a Data Protection Officer and they need to guarantee the rights of persons whose data are stored, i.e. the right to view their data, have them modified, deleted or frozen, etc. I am pretty sure they have taken care of all that. However, that does not mean you automatically have a DPA with them once you start to use their services. 

If we could get a solution where data are stored on the personal server or NAS of a TB user, .... That wouldn't be for everyone, I guess :-(, but at least it would be GDPR compliant. Would it also be safe, safer than the big providers? That would be a new question!

https://www.theocbase.net/support-forum/1097-donations.html

For accessing the database my personal preference is http://sqlitebrowser.org/

For editing templates I like to use http://brackets.io/ 

 

Comment
There are no comments made yet.
  1. more than a month ago
  2. General features
  3. # 1
sco
Members
Accepted Answer Pending Moderation
0
Votes
Undo

Hi Marc, 

MEGA is not Google. Servers are based in NZ which have quit same rules as E.U. 

It assume encryption (each user have a key) and A2F functionnalities. It's frree of charges, and we won't suscribe a paying solution.

We used actually Dropbox free, so no encryption. The data used by elders are confidential that the main purpose to make us leave Dropbox free.

You're right for one point, this is not a GDPR issue, but confidential  files. 

We have studing a personnal stored solution like a NAS but we won't spend time on this....the goal is not to get IT skills but preaching and serving our brothers/sisters and JAH ! 

Thanks for your relevant remarks. 

Stefan 

Comment
There are no comments made yet.
  1. more than a month ago
  2. General features
  3. # 2
Marc
Members
Accepted Answer Pending Moderation
0
Votes
Undo

I feel with you. We are all in the same boat! I do not share my TB files with others, but I have TB on more than one computer. Issues about law, confidentiality and safety also apply in that situation.

About Dropbox Business maybe I should make myself clearer: that was not a suggestion. My point is, it may solve some issues, but not the really big one.

Though I believe NAS would be the best, I wouldn't  even know how to set one up myself even if TB offered the option. I can clearly understand why you do not choose that option now.

https://www.theocbase.net/support-forum/1097-donations.html

For accessing the database my personal preference is http://sqlitebrowser.org/

For editing templates I like to use http://brackets.io/ 

 

Comment
There are no comments made yet.
  1. more than a month ago
  2. General features
  3. # 3
sco
Members
Accepted Answer Pending Moderation
0
Votes
Undo

Thank you Marc. 

I know how to implement a NAS, but that will mean time, money et maintenance ....and this is not our goal. 

We agree on the subject. 

Take care

Stefan

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!