GDPR compliant cloud collaboration
Tresorit is an end-to-end encrypted content collaboration platform which provides the strongest data protection measures in the cloud to ensure easy compliance.
Trusted by 12,000+ organizations worldwide
Use encryption to protect personal data in the cloud against exposure and unauthorized risks
Unlike other cloud providers, Tresorit doesn't have access to your encryption keys or to the personal data you manage in your files. Even if our servers were breached, no one would be able to read the personal data in the files, except for the owner and users authorized by the owner.
Since the introduction of Tresorit, our confidential documents are only exchanged through Tresorit – and things have become secure, controlled and run smoother for all parties involved.
Felix Nolte – Solution Manager Workspace at Viessmann IT Service GmbH
- Encrypt your files containing personal data to protect them against breaches: store and share customer lists in Excel sheets, keep track of HR records, and manage and share medical files and confidential contracts. Tresorit’s end-to-end encryption is automatic during the whole collaboration process. You can easily store and work on documents within your team and with your clients.
- For the strongest protection, encryption keys should be controlled by the end-user and they should not be accessible to the service provider at any point of the encryption/decryption process. This means that the encryption should be done on the client-side, not in the cloud. With Tresorit's end-to-end encryption, your encryption keys that unlock your data are stored on the client side, on your device. Tresorit guarantees that the files' content cannot be modified without your knowledge, even if somebody hacks our system. Tresorit clients apply a Message Authentication Code (MAC) to each file’s content, with a key known only to the user’s client and those they share the file with, but not by the server. Tresorit can never access the personal data stored in your files, only you and those who you share with can read it.
- In the event of a security incident such as a server-side attack, only the encrypted, unintelligible data can leak. With Tresorit's end-to-end encryption, it is infeasible to decrypt the files and, in turn, the personal data in them. Thus, server-side hacks are not considered data breaches, and the GDPR's data breach notification requirements do not apply. This means saving the costs of data breach notifications and potential fines, and protecting your staff's or clients' right to privacy.
- As Tresorit does not have access to your encryption keys and your personal data encrypted in the files, we are not considered as data processors for your encrypted files. This means that if you are audited, Tresorit falls out of the audit scope with respect to the personal data stored in your encrypted files. If you are checked for compliance, the process is easier.
- Even if you have plenty of personal data in your files stored with Tresorit, practically no personal data is transferred to us. By keeping personal information within your company walls, you don't need to ask for the consent of your clients, staff or contractors for managing their data in files processed with Tresorit.
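The per-file MAC described in the list above can be illustrated with a short sketch. This is an added example, not Tresorit's code or protocol: it assumes HMAC-SHA256, treats the file content as an opaque blob that was already encrypted on the client, and uses hypothetical names (`seal`, `open_verified`, `accepts`) and a constructed sample object.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def seal(mac_key: bytes, blob: bytes) -> bytes:
    """Client side: append a MAC over the (already encrypted) file content."""
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def open_verified(mac_key: bytes, stored: bytes) -> bytes:
    """Client side: return the content only if its MAC verifies."""
    if len(stored) < TAG_LEN:
        raise ValueError("object too short to carry a tag")
    blob, tag = stored[:-TAG_LEN], stored[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: content changed in storage")
    return blob


def accepts(mac_key: bytes, stored: bytes) -> bool:
    """True if a client holding mac_key would accept the stored object."""
    try:
        open_verified(mac_key, stored)
        return True
    except ValueError:
        return False


def demo() -> dict:
    mac_key = secrets.token_bytes(32)  # held by the owner and sharees, never uploaded
    blob = b"constructed sample: opaque client-side ciphertext bytes"
    stored = seal(mac_key, blob)       # the only thing the server ever receives

    flipped = bytearray(stored)
    flipped[0] ^= 0x01                 # storage-side change to one bit of content
    # Storage-side substitution, re-tagged with a key the server made up itself.
    forged = seal(secrets.token_bytes(32), b"substituted content")
    return {
        "intact": accepts(mac_key, stored),
        "bit_flip": accepts(mac_key, bytes(flipped)),
        "substitution": accepts(mac_key, forged),
        "truncated": accepts(mac_key, stored[:10]),
    }


if __name__ == "__main__":
    print(demo())
```

In this sketch the tag covers the content only, so it does not by itself detect a storage layer replaying an older, validly sealed version of the same file; covering that case means also authenticating a version or file identifier.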
Encrypt personal data to prevent data breaches
“The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including .... encryption of personal data.”
GDPR Article 32. Security of Processing
- Tresorit's Admin Center is a central dashboard to control file management in your organization and comply with GDPR's strict requirements on implementing data protection measures and Privacy by Design. It helps you oversee what happens to files containing personal data within your company, set up and enforce security policies, and manage company-owned devices.
- With Tresorit, you can make sure that everyone on your team is on the same page when it comes to using crucial data security tools and following processes such as 2-Step Verification, IP filtering or secure sharing of personal data.
- The GDPR requires that only those who need to work with personal data should have access to them. With Tresorit's permission settings, you can guarantee that personal data is shared with only those who require it for their job.
- Tresorit allows you to keep control over data both when shared within your company and with clients or contractors. Syncing folders and files enables secure internal collaboration, while link-based sharing allows for sharing files, folders, and tresors securely with those without a Tresorit account. Password protection, download limits, and expiry dates provide further protection for confidential documents.
Keep control over your data to implement Privacy by Design
“In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”
GDPR Recital 78: Appropriate technical and organizational measures
- At Tresorit, data protection and security are our core missions. We design and develop Tresorit with privacy by design in mind, in order to provide the strongest protection to all of our users, be it SMBs, enterprises, NGOs, journalists or personal users. We believe that privacy and security are fundamental human rights. As the GDPR translates these rights into real data protection requirements for businesses, our goal is to provide the most secure solution to help companies meet these requirements.
- Tresorit uses Microsoft Azure data centers in the EU as well. The data centers are audited for ISO27001, ISO27017, ISO27018, SSAE 16 and several other certifications. Data uploaded to Tresorit is mirrored to multiple storage nodes in a datacenter, creating locally-redundant copies. This mitigates the risk of data loss and ensures high availability at the same time.
- Our Data Processing Agreement summarizes the legal mechanisms for data processing required by the GDPR. By signing the DPA with our customers, we undertake to provide the technical and organizational measures to protect our users' data. This document is crucial for you to verify to auditors and clients that your use of Tresorit meets GDPR requirements.
- Tresorit is transparent about how we manage user data and how we respond to international data requests.
Secure infrastructure and legal guarantees for your compliance
"Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject, ... "
GDPR Article 5. Principles relating to the processing of personal data
Tresorit features to get your business ready for the GDPR
End-to-end encryption, done on the client side (AES-256, RSA-4096)
Audit trail to log file activities
EU data centers
Patented sharing protocol with zero-knowledge
Centralized control over data at the Admin Center
Data Processing Agreement
Encryption keys controlled by you
Transparency report
Enforce security measures and policies
Redundant storage
User-friendly, built-in encryption for all your files, all the time
Manage granular permission settings
Free eBook
GDPR Cloud Security Guide
In this free GDPR Compliance Guide, you’ll learn:
- What is the GDPR (General Data Protection Regulation) and what are its requirements for managing personal data in the cloud?
- What are the main challenges of using cloud-based services?
- What are the 5 key technology and legal requirements cloud storage services should meet to help you ensure GDPR compliance?
- How do major cloud storage services Box, Dropbox, OneDrive, and Tresorit compare in terms of GDPR compliance?