# Cloud & GDPR: 5 Key Requirements and a Quick Comparison (Box, Dropbox, OneDrive, Tresorit)
**Summary**
Cloud is convenient, but you need a **GDPR lens**. Here are **5 requirements** students should evaluate and a **classroom-oriented** comparison.
## 1) Five key requirements
1. **Controller/Processor contract**: clauses on protection, sub-processors, and technical/organisational measures.
2. **Encryption in transit and at rest** (ideally end-to-end for sensitive files).
3. **Location & retention**: data centres, storage periods, deletion policies.
4. **Key management**: who controls keys and access logging.
5. **Portability/recovery**: easy export and restore after incidents.
## 2) Quick comparison (indicative for learning)
| Criterion \ Service | Box | Dropbox | OneDrive | Tresorit |
| —————————– | —————– | ——– | ————————- | ————– |
| Controller/Processor contract | High | Med-High | High (MS ecosystem) | High |
| Encryption | High (enterprise) | Med-High | High (in transit/at rest) | **High (E2E)** |
| Location/retention | High (options) | Med-High | High (MS data centres) | Med-High |
| Key management | Med-High | Medium | Med-High | High |
| Portability/recovery | High | High | High | Med-High |
| **Notes** | | | | |
* **Tresorit** stands out for **E2E** (privacy-first), with fewer integrations.
* **OneDrive** benefits from **Microsoft 365** integration in academia.
* **Box** and **Dropbox** offer solid controls on suitable plans.
> **Disclaimer**: indicative table for education. Always verify vendor docs before real decisions.
*Image: Sam Johnston — CC BY-SA — Source: https://commons.wikimedia.org/wiki/File:CloudComputingNetworkDiagram.svg*
Leave a Reply