The GDPR recommends that businesses use technical safeguards such as encryption to protect personal data. Encryption is a crucial cloud security measure because it minimizes the risk of exposing personal data if your files are leaked due to a hacker attack or an employee mistake. The GDPR states that if your business uses encryption, the 72-hour data breach notification requirements do not apply. With end-to-end encryption, the keys are stored with the user only, and the provider never has access to the plaintext keys or the personal data stored in the files, so no personal data can be exposed due to a server-side security incident. Finally, it is also important that the provider uses industry-standard algorithms like AES-256 that are thoroughly checked by cryptography researchers.
Data Security & Control
To maintain data security and control, it is important to check how the provider manages user authentication and passwords: look for zero-knowledge services and make sure that the provider offers multi-factor authentication. Finally, make sure that the service provides your business with extensive data control features like permission management, security policies, or access revocation.
The GDPR states that personal data should be "processed lawfully, fairly and in a transparent manner". FlandersToxPath represents the data controller and has to make sure that the third-party services you use also meet these requirements. According to the principle of accountability, the final responsibility and liability for protecting the data lies with you. In case of an audit, you have to prove to authorities that all your providers meet the GDPR requirements, too. To ensure this, it is crucial to choose a cloud storage service that is transparent about how they manage data and that provides clear and easy-to-understand information about this, including how they further process data and what sub-processors and third-party services they use for that. Data residency is an essential aspect too. Although the GDPR doesn't specify whether the data should be stored in the EU, ensuring GDPR compliance is more straightforward if your provider stores your data in EU data centers. When the provider uses third-country data centers or sub-processors, additional guarantees are needed to ensure that your data is protected according to the same high standards as the EU prescribes with the GDPR.
Legal Guarantees for data protection
In addition to technical and infrastructure security measures, your provider has to offer legally binding guarantees on data protection. These documents are crucial to prove to your clients and auditors that you are using GDPR-compliant services. Tresorit is based in Switzerland. Tresorit is established in a third country that received a data protection adequacy decision from the EU, or is certified under the EU-US Privacy Shield, or provides other adequate guarantees that prove they have the same high level of protection as EU companies, approved by the procedure detailed in GDPR Article 47.
Compared to other clouds such as Dropbox, OneDrive or Box, Tresorit fully meets the following requirements, which the others mentioned above do not: encryption keys controlled by the user, deleted file recovery, unlimited file versioning, company-managed groups, digital rights, IP-restriction policies, and download limits for links.
Any additional information about the secure cloud Tresorit can be obtained at firstname.lastname@example.org