How Dow Jones automated their GDPR compliance process with the Dropbox APIs

// By JJ Kass • Nov 19, 2018

Dow Jones needed to assess over 230 applications for GDPR compliance. Learn how they automated their internal process to collect, synthesize, search and access the data using the Dropbox APIs.

The Challenge

When the EU approved GDPR—the General Data Protection Regulation—in April of 2016, companies around the world took notice. The new set of laws, scheduled to take effect two years later, included strict standards for companies with access to personal data.

With customers and employees across the globe, Dow Jones was no exception. The company’s GDPR team began work to evaluate data management, retention, and information flow policies across the company. As part of that effort, the team needed to assess any applications that processed personal data.

Alex Zhang is the software engineer who was tasked with making that process as efficient as possible. His team, which is part of the IT organization, administers and customizes the company’s SSO, HR and collaboration tools. Alex’s role on the team is to make “glue,” which is his word for the code he writes to make all those different systems talk to each other. In this case, his goal was to facilitate the collection of survey data on each of the company’s applications, synthesize that data and provide a simple way for the GDPR team to search and access it.

The Solution

He started by using a CMDB system to aggregate the company’s more than 230 applications and map them to their owners and users. At the same time, he developed an internal survey tool to share custom surveys—over 650 in total—with those employees for completion.

Next, he needed to create a way for Dow Jones’ GDPR team to easily access the survey data. His solution was to develop an web form the GDPR team could use to request survey results for specific applications or users as needed. Each request triggered a custom application to query the survey database and generate a PDF report summarizing the results needed.

Finally, he needed a simple way to share the PDF reports with the GDPR team, which is where he turned to Dropbox. With the Dropbox APIs, Zhang’s solution created a Dropbox folder using the /create_folder endpoint, saved the PDF there using the /upload endpoint, and generated a shared link to the folder using the API’s shared link creation endpoint, /create_shared_link_with_ settings. Just minutes after submitting the request, the GDPR team then received a link in an e-mail, allowing them to go to Dropbox and download the requested report. A request for a report on total survey results would be ready in 10 minutes.

Visual of the Dow Jones GDPR workflow, including the specific Dropbox API endpoints used

The Results

The speed and accuracy of Zhang’s solution was critical to Dow Jones’ GDPR compliance effort. The integration between the portal and Dropbox produced a seamless end user experience for the GDPR team. “Everyone at Dow Jones has a Dropbox Business account and knows how to use it,” says Zhang. “Taking advantage of that helped us get the technical hurdles out of the way and give people fast, direct access to the data they needed.”

Automation was key to reducing the administrative overhead for everyone involved. “Automating the process allowed us to remove the human element,” says Zhang. “The less people have to get involved in managing data, the cleaner that data will be and the more time they’ll spend focusing on what they do best.”

Zhang raves about the Dropbox API’s ease of use. “Some APIs make developers jump through hoops,” Zhang said. “But Dropbox’s is simple and well documented and overall a pleasure to work with.”

“Some APIs make developers jump through hoops, but Dropbox’s is simple and well documented and overall a pleasure to work with.”

He expects the value of his system to extend beyond GDPR. He is evaluating its fit for other use cases and, for example, is already using it to manage the company’s Code of Conduct survey. “Dropbox offers a unique solution to something that was antiquated for decades,” explains Zhang. “It brings social functionality to storage through sharing, availability and collaboration. That’s a really powerful combination.”

If you’re interested in having your story featured on the Dropbox developer blog, let us know. To build your first Dropbox app, check out our getting started guide

// Copy link