Skip to content

Latest commit

 

History

History
34 lines (24 loc) · 2.52 KB

gdpr.en.md

File metadata and controls

34 lines (24 loc) · 2.52 KB
type weight title description aliases ctatitle ctatext ctalink ctabutton cardtitle cardtext
article
1
GDPR Compliance
Encrypted data using Cryptomator can be stored outside the EU in a GDPR-compliant and secure way.
/gdpr
/faq/gdpr
/faq/gdpr/gdpr-compliant
/faq/gdpr/dpa-cryptomator
/faq/gdpr/dpa-cloudprovider
You want to encrypt your cloud storage with Cryptomator?
Cryptomator secures your sensitive and confidential files in the cloud using end-to-end encryption. Cryptomator Hub manages team access and is ideal for teams and organizations.
/#get-started
Encrypt Your Cloud Storage Now
GDPR Compliance
Encrypted data using Cryptomator can be stored outside the EU in a GDPR-compliant and secure way.

GDPR Compliance

Does Cryptomator allow GDPR-compliant file storage?

Yes. This has been {{< extlink "https://gdprhub.eu/index.php?title=Council_of_State_-_251.378" "confirmed by the Belgian Council of State on August 19, 2021" >}}: When storing data in countries that don't have data protection laws equivalent to the GDPR, organizations must implement supplementary measures. According to the judgement, encryption of said data is considered as an adequate supplementary measure.

In other words: If you use Cryptomator to encrypt personal data, the encrypted data can be stored GDPR-compliantly even outside the EU.

Is Cryptomator GDPR-compliant?

If you intend to store personal data (e.g. employee, customer, patient data, etc.), you must protect this data from access by third parties using suitable security measures. For example, GDPR articles 6, 32 and 34 explicitly refer to the possibility of encryption to protect data.

The use of Cryptomator is therefore such a technical security measure, which is suitable for storing encrypted data in your cloud. Please note that you usually have to sign an additional DPA with your cloud storage provider.

Do I need a Data Processing Agreement (DPA)?

Cryptomator runs as an application only on your PC or Smartphone. While we are the manufacturer of this software, we are no service provider and neither store, process or otherwise get in touch with your data. Therefore no DPA is needed to use Cryptomator. You keep full control over the data and are the sole person able to access to it!

Do I need a Data Processing Agreement (DPA) with my cloud storage provider?

Even if it is impossible to relate data to a person without the decryption key, a DPA might be necessary. We therefore recommend that you conclude a DPA with your cloud storage provider.