GDRP-compliant data rooms
Data protection made easy with netfiles
The introduction of the GDPR gave Europe a robust and comprehensive legal framework for the protection of personal data. Yet data protection is more than merely a legal necessity: It is fundamental to the trust that exists between customers and partners at your company. Since its inception, netfiles has remained steadfast in committing to the strictest data protection standards. It can help your company, too, to store data in compliance with the GDPR. Our data rooms deliver:
Outstanding security and availability
Development, hosting and a company domiciled in Germany
Certified, audited and GDPR-compliant data storage

What is the GDPR?
The General Data Protection Regulation (GDPR) is the European Union’s comprehensive body of data protection legislation. Since it came into force in 2018, it has governed and harmonized the protection of personal data. Valid across every EU member state, the GDPR has substantially reinforced the rights of all parties who are affected.
While the GDPR has the force of law throughout Europe, it is flanked in Germany by the Bundesdatenschutzgesetz (Federal Data Protection Act, or BDSG), which regulates aspects that are covered only in part or not at all by the GDPR.
Who is affected?
All companies that process personal data for either employees or customers fall under the jurisdiction of the GDPR.
According to Article 4 GDPR, personal data includes any information relating to an identified or identifiable natural person. This data includes
personal information such as the person’s name, address and date of birth
credit card information
HR data and customer numbers
phone numbers and e-mail addresses
health and social security information
location data
information about the person’s appearance
The GDRP also classifies some of this data as “especially sensitive” and in need of a higher level of protection.
What do companies have to do?
The GDPR states that “appropriate technical and organizational measures” must be taken to ensure adequate security when processing personal data. To this end, the Data Protection Conference recommends measures in the following categories:
The pseudonymization of personal data
The encryption of personal data
The ability to ensure the ongoing integrity and confidentiality of processing systems and services
The ability to ensure the availability and resilience of the processing systems and services
The ability to restore the availability of and access to personal data in the event of a physical or technical incident
A process for regularly testing, assessing and evaluating the effectiveness of the above measures
How netfiles supports you
netfiles stores data in full compliance with the GDPR. Here are just some of the ways in which we help our clients:
Encryption
Access control and authentication
Reporting obligations and documentation
Automated backups
Protection of sensitive information
Made, hosted and owned in Germany
Encryption
All documents in netfiles data rooms are AES-256-encrypted in line with the current state of the art during both storage and transmission. Data communication is protected by SSL/TLS (256-bit). netfiles regularly scores the top grade A+ in SSL Labs security tests.
New: netfiles Data Vault gives you the option of a data room with end-to-end encryption.
Access control and authentication
Detailed access rights at folder level specify which users can read, edit, download, print or not even see which documents. Confidential and sensitive documents thus remain safely protected against unauthorized access.
2-factor authentication (with the option of text message notification or an authenticator app/OTP), single sign-on (SSO), enhanced password guidelines and password-free login with a passkey provide additional security options to guarantee maximum protection and a convenient login experience.
Reporting obligations and documentation
Audit-proof logs are kept of all user activities in netfiles data rooms. Administrators can view and export detailed logs at file, folder or user level. Activity logs provide a comprehensive insight into logins, views, downloads and the use of Q&A functions by individual users and user groups.
This facility helps you meet your documentation and reporting obligations, as every activity is fully documented and can be reconstructed transparently.
Automated backups
Leading-edge data encryption, authentication and access control technologies ensure that, with netfiles, your data is always protected against unauthorized access. Our redundant data storage, backups and regular security checks also guard against data loss – with system availability of 99.9% guaranteed.
Even in the event of an IT outage at your company, any data you have stored in a netfiles data room remains available and can be accessed from any location, any device and via any operating system. netfiles thus becomes an ideal and integral component of your business continuity strategy.
To handle the long-term storage and archiving of your data, we also provide an online data room archive.
Protection of sensitive information
A series of options allows the level of data protection to be adapted to your individual requirements. Alongside automated virus scanning, functions such as watermarks and the prevention of document downloads can add extra levels of security.
In addition, an integrated redaction function enables you to render sensitive information in your documents permanently and reliably illegible.
Made, hosted and owned in Germany
netfiles data rooms meet the strictest standards of security in line with international norms. netfiles is ISO 27001-certified, but also possesses BSI C5 and SOC 2 certifications (type 2) that are regularly renewed. Once a year, netfiles additionally subjects itself to an independent penetration test.
Go here for more information about our various certifications.
All development and hosting activities at netfiles take place in Germany, where the company is also headquartered, and are bound exclusively by German and European legislation. You thus have the guarantee that foreign laws such as the US CLOUD Act do not apply in any way.
Added security is ensured by the fact that absolutely no third-party software is needed thanks to netfiles’ built-in functions for the online processing of Office documents and the conduct of video conferences in compliance with data protection legislation.
Encryption
All documents in netfiles data rooms are AES-256-encrypted in line with the current state of the art during both storage and transmission. Data communication is protected by SSL/TLS (256-bit). netfiles regularly scores the top grade A+ in SSL Labs security tests.
New: netfiles Data Vault gives you the option of a data room with end-to-end encryption.
Access control and authentication
Detailed access rights at folder level specify which users can read, edit, download, print or not even see which documents. Confidential and sensitive documents thus remain safely protected against unauthorized access.
2-factor authentication (with the option of text message notification or an authenticator app/OTP), single sign-on (SSO), enhanced password guidelines and password-free login with a passkey provide additional security options to guarantee maximum protection and a convenient login experience.
Reporting obligations and documentation
Audit-proof logs are kept of all user activities in netfiles data rooms. Administrators can view and export detailed logs at file, folder or user level. Activity logs provide a comprehensive insight into logins, views, downloads and the use of Q&A functions by individual users and user groups.
This facility helps you meet your documentation and reporting obligations, as every activity is fully documented and can be reconstructed transparently.
Automated backups
Leading-edge data encryption, authentication and access control technologies ensure that, with netfiles, your data is always protected against unauthorized access. Our redundant data storage, backups and regular security checks also guard against data loss – with system availability of 99.9% guaranteed.
Even in the event of an IT outage at your company, any data you have stored in a netfiles data room remains available and can be accessed from any location, any device and via any operating system. netfiles thus becomes an ideal and integral component of your business continuity strategy.
To handle the long-term storage and archiving of your data, we also provide an online data room archive.
Protection of sensitive information
A series of options allows the level of data protection to be adapted to your individual requirements. Alongside automated virus scanning, functions such as watermarks and the prevention of document downloads can add extra levels of security.
In addition, an integrated redaction function enables you to render sensitive information in your documents permanently and reliably illegible.
Made, hosted and owned in Germany
netfiles data rooms meet the strictest standards of security in line with international norms. netfiles is ISO 27001-certified, but also possesses BSI C5 and SOC 2 certifications (type 2) that are regularly renewed. Once a year, netfiles additionally subjects itself to an independent penetration test.
Go here for more information about our various certifications.
All development and hosting activities at netfiles take place in Germany, where the company is also headquartered, and are bound exclusively by German and European legislation. You thus have the guarantee that foreign laws such as the US CLOUD Act do not apply in any way.
Added security is ensured by the fact that absolutely no third-party software is needed thanks to netfiles’ built-in functions for the online processing of Office documents and the conduct of video conferences in compliance with data protection legislation.
Compliance
No-gaps implementation of regulatory requirements
netfiles supports companies as they implement central regulatory requirements, laying the foundation for fully compliant data exchange in sensitive contexts. For legal provisions such as the GDPR, NIS-2, DORA and for industry-specific requirements, there is no difference: Certified in accordance with ISO/IEC 27001:2013 and ISO 22301:2019, our data rooms satisfy the very strictest requirements in terms of confidentiality, integrity and availability.
Data is both stored and transmitted in encrypted form. Access controls can be micro-managed to a very granular level. And audit-proof documentation of all activities is guaranteed. Taken together, these measures ensure that your sensitive data is fully protected – and audit-proof – at all times.
A welcome alternative to US providers
File sharing in compliance with data protection laws
When it comes to data exchange and virtual data rooms, netfiles gives you an exceptionally secure alternative to US providers. Since our development and hosting activities – and our company headquarters – are all in Germany, netfiles complies fully with the GDPR and helps you realize a sovereign data strategy. All data that you transfer via netfiles is always AES-256-encrypted and stored at ISO-certified data centers in Germany. This practice complies with the EU’s strict data protection directive (the GDPR). It also guards your data against manipulation and access by foreign government agencies and against laws such as the US CLOUD Act.
netfiles is certified in accordance with ISO/IEC 27001:2013 and ISO 22301:2019. It also possesses independent BSI C5 certification and is certified pursuant to the internationally recognized System and Organization Controls (SOC 2) standard. To keep you independent of insecure data protection treaties and the US CLOUD Act, netfiles thus gives you complete control of your data and reinforces your data sovereignty.