How Tresorit helps
Tresorit helps your business ensure GDPR compliance in the cloud with end-to-end encrypted file management, data control features and legal guarantees.
“The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including ... encryption of personal data.”
GDPR Article 32. Security of Processing
Encrypt your files containing personal data to protect them against breaches: store and share customer lists in Excel sheets, keep track of HR records, and manage and share medical files and confidential contracts. Tresorit's end-to-end encryption is automatic during the whole collaboration process. You can easily store and work on documents within your team and with your clients.
The GDPR recommends encryption to secure data against exposure. However, not all encryption provides the same protection in case your files get into the wrong hands. For the strongest protection, encryption keys should be controlled by the end user and should not be accessible to the service provider at any point of the encryption/decryption process. This means that the encryption should be done on the client side, not in the cloud. With Tresorit's end-to-end encryption, the encryption keys that unlock your data are stored on the client side, on your device. Unlike services that rely on in-transit or at-rest encryption, even with key management modules, we never encrypt or decrypt your data on our servers. Tresorit can never access the personal data stored in your files; only you and those you share with can read it.
In the event of a security incident such as a server-side attack, only the encrypted, unintelligible data can leak. With Tresorit's end-to-end encryption, it is infeasible to decrypt the files and, in turn, the personal data in them. Thus, server-side hacks are not considered data breaches, and the GDPR's data breach notification requirements do not apply. This means saving the costs of data breach notifications and potential fines, and protecting your staff's or clients' right to privacy.
As Tresorit does not have access to your encryption keys or to the personal data encrypted in your files, we are not considered a data processor for your encrypted files. This means that if you are audited, Tresorit falls out of the audit scope with respect to the personal data stored in your encrypted files. If you are checked for compliance, the process is easier.
Even if you have plenty of personal data in your files stored with Tresorit, practically no personal data is transferred to us. By keeping personal information within your company walls, you don't need to ask for the consent of your clients, staff or contractors for managing their data in files processed with Tresorit.
“In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”
GDPR Recital 78: Appropriate technical and organisational measures
Tresorit's Admin Center is a central dashboard to control file management in your organization and comply with GDPR's strict requirements on implementing data protection measures and Privacy by Design. It helps you oversee what happens to files containing personal data within your company, set up and enforce security policies, and manage company-owned devices.
With Tresorit, you can make sure that everyone on your team is on the same page when it comes to using crucial data security tools and following processes such as 2-Step Verification or secure sharing of personal data.
The GDPR requires that only those who need to work with personal data should have access to it. With Tresorit's permission settings, you can guarantee that personal data is shared with only those who require it for their job.
Tresorit allows you to keep control over data both when shared within your company and with clients or contractors. Syncing folders and files enables secure internal collaboration, while link-based sharing allows for sharing files, folders, and tresors securely with those without a Tresorit account. Password protection, download limit, and expiry date provide further protection for confidential documents.
“Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject, ...”
GDPR Article 5. Principles relating to the processing of personal data
At Tresorit, data protection and security are our core missions. We design and develop Tresorit with privacy by design in mind, in order to provide the strongest protection to all of our users, be it SMBs, enterprises, NGOs, journalists or personal users. We believe that privacy and security are fundamental human rights. As the GDPR translates these rights into real data protection requirements for businesses, our goal is to provide the most secure solution to help companies meet these requirements.
Tresorit uses Microsoft Azure data centers in the EU as well. The data centers are audited for ISO27001, ISO27017, ISO27018, SSAE 16 and several other certifications. Data uploaded to Tresorit is mirrored to multiple storage nodes in a data center, creating locally redundant copies. This mitigates the risk of data loss and ensures high availability at the same time.
Our Data Processing Agreement summarizes the legal mechanisms for data processing required by the GDPR. By signing the DPA with our customers, we undertake to provide the technical and organizational measures to protect our users' data. This document is crucial for you to verify to auditors and clients that your use of Tresorit meets GDPR requirements.
Tresorit is transparent about how we manage user data and how we respond to international data requests.
With reports on data breaches in the news on a constant basis and given the confidentiality requirements of our work, encryption removes a very serious concern that arises when considering cloud storage.