How Tresorit helps

Tresorit helps your business ensure GDPR compliance in the cloud with end-to-end encrypted file management, data control features and legal guarantees.

Encrypt personal data to prevent data breaches

“The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including ... encryption of personal data.”

GDPR Article 32. Security of Processing

  • Secure your business processes with encryption

    Encrypt your files containing personal data to protect them against breaches: store and share customer lists in Excel sheets, keep track of HR records, and manage and share medical files and confidential contracts. Tresorit's end-to-end encryption is automatic during the whole collaboration process. You can easily store and work on documents within your team and with your clients.

  • Minimize the risk of data exposure with client-side end-to-end encryption & key control

    The GDPR recommends encryption to secure data against exposure. However, not all encryption provides the same protection if your files get into the wrong hands. For the strongest protection, encryption keys should be controlled by the end user and should not be accessible to the service provider at any point of the encryption/decryption process. This means that encryption should be done on the client side, not in the cloud. With Tresorit's end-to-end encryption, the encryption keys that unlock your data are stored on the client side, on your device. Unlike services that rely on in-transit or at-rest encryption, even with key management modules, we never encrypt or decrypt your data on our servers. Tresorit can never access the personal data stored in your files; only you and those you share with can read it.

  • No personal data stored in the cloud: no data breaches and breach notifications

    In the event of a security incident such as a server-side attack, only the encrypted, unintelligible data can leak. With Tresorit's end-to-end encryption, it is infeasible to decrypt the files and, in turn, the personal data in them. Thus, server-side hacks are not considered data breaches, and the GDPR's data breach notification requirements do not apply. This means saving the costs of data breach notifications and potential fines, and protecting your staff's or clients' right to privacy.

  • Simplify your compliance process

    As Tresorit does not have access to your encryption keys or to the personal data encrypted in your files, we are not considered data processors for your encrypted files. This means that if you are audited, Tresorit falls out of the audit scope with respect to the personal data stored in your encrypted files. If you are checked for compliance, the process is easier.

  • Manage consent compatibility with ease

    Even if you have plenty of personal data in your files stored with Tresorit, practically no personal data is transferred to us. By keeping personal information within your company walls, you don't need to ask for the consent of your clients, staff or contractors for managing their data in files processed with Tresorit.

Keep control over your data to implement Privacy by Design

“In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”

GDPR Recital 78: Appropriate technical and organisational measures

  • Keep central control over your data

    Tresorit's Admin Center is a central dashboard to control file management in your organization and comply with GDPR's strict requirements on implementing data protection measures and Privacy by Design. It helps you oversee what happens to files containing personal data within your company, set up and enforce security policies, and manage company-owned devices.

  • Implement data protection measures within your teams

    With Tresorit, you can make sure that everyone on your team is on the same page when it comes to using crucial data security tools and following processes such as 2-Step Verification or secure sharing of personal data.

  • Ensure & demonstrate data confidentiality and integrity with permission settings

    The GDPR requires that only those who need to work with personal data should have access to them. With Tresorit's permission settings, you can guarantee that personal data is shared with only those who require it for their job.

  • Protect your data within your team and when sharing information externally

    Tresorit allows you to keep control over data both when shared within your company and with clients or contractors. Syncing folders and files enables secure internal collaboration, while link-based sharing allows for sharing files, folders, and tresors securely with those without a Tresorit account. Password protection, download limits, and expiry dates provide further protection for confidential documents.

Secure infrastructure and legal guarantees for your compliance

“Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject, ...”

GDPR Article 5. Principles relating to the processing of personal data

  • Use a service with data protection at its heart

    At Tresorit, data protection and security are our core missions. We design and develop Tresorit with privacy by design in mind, in order to provide the strongest protection to all of our users, be it SMBs, enterprises, NGOs, journalists or personal users. We believe that privacy and security are fundamental human rights. As the GDPR translates these rights into real data protection requirements for businesses, our goal is to provide the most secure solution to help companies meet these requirements.

  • Certified data centers in the EU

    Tresorit uses Microsoft Azure data centers in the EU as well. The data centers are audited for ISO27001, ISO27017, ISO27018, SSAE 16 and several other certifications. Data uploaded to Tresorit is mirrored to multiple storage nodes in a data center, creating locally redundant copies. This mitigates the risk of data loss and ensures high availability at the same time.

  • Easily conclude a legally binding Data Processing Agreement to demonstrate compliance

    Our Data Processing Agreement summarizes the legal mechanisms for data processing required by the GDPR. By signing the DPA with our customers, we undertake to provide the technical and organizational measures to protect our users' data. This document is crucial for you to verify to auditors and clients that your use of Tresorit meets GDPR requirements.

  • Transparency report

    Tresorit is transparent about how we manage user data and how we respond to international data requests. Read our report here.

Tresorit features to get your business ready for the GDPR

  • End-to-end encryption, done on the client side (AES-256, RSA-4096)
  • Encryption keys controlled by you
  • Patented sharing protocol with zero-knowledge
  • User-friendly, built-in encryption for all your files, all the time
  • Centralized control over data at the Admin Center
  • Manage granular permission settings
  • Audit trail to log file activities
  • Enforce security measures and policies
  • EU data centers
  • Redundant storage
  • Data Processing Agreement
  • Transparency report

With reports on data breaches in the news on a constant basis and given the confidentiality requirements of our work, encryption removes a very serious concern that arises when considering cloud storage.

– Mark Morgan, Stella's Voice
