Stay safe in the IONOS Cloud

Data protection and data security

Handling vast amounts of data comes with great responsibility. We take data security and your privacy seriously.

Try now

Data security

Data security in the cloud is more than just data protection

Data protection

Data protection aims to protect personal data against unauthorized third-party access, loss, or modification. Personal data in this context refers to all information relating to an identified or an identifiable person.

Data security

Data security refers to the protection of all company data, both personal and non-personal. The focus here is to ensure the security of the infrastructures used to store data, making sure no data leaks or breaches occur.

What kind of security does IONOS provide?

IONOS provides a suite of services powered by our advanced cloud infrastructure, ensuring the technical aspects of our platform run smoothly. We prioritize security and comply with stringent regulations, including the EU's GDPR, to safeguard customer data in our data centers.

Your responsibility as a customer

IONOS customers are responsible for the security of their own data when using the cloud service and infrastructure. Customers must equally take measures to protect their data stored in the cloud from unauthorized access and possible data loss.

Tools to protect cloud customers

IONOS Cloud and the GDPR

The European General Data Protection Regulation (GDPR) is one of the most robust legal frameworks for data protection in the world. It applies to all companies operating, processing and/or collecting personal data in the EU. Due to this, the regulation is relevant for all US companies that also operate within the EU or have decided to host their data in IONOS data centers within the EU.

In the context of the GDPR, a distinction must be made between two IONOS Cloud use cases.

IONOS as a processor

The customer is solely responsible for any third-party personal data that is processed or stored in the IONOS Cloud. In this case, IONOS takes the role of a processor, acting only on behalf of the customer and based on their instructions. You find more information about this topic here:

IONOS as a contractual partner and processor of personal data

IONOS processes the personal information of their customers as agreed on in the service contract and according to the highest national and international data protection standards.

Technical and organizational measures

For the protection of personal data, it’s important to ensure highly secure technical and organizational measures (TOM).

Secure pseudonymization and encryption of personal data is a big part of TOM. It’s also crucial to take care of the integrity, confidentiality, availability and resilience of systems and services that are used to process and store that data.

Finally, personal data should be restorable and made available again after a possible technical incident.

Sharing of tasks and measures

These essential tasks related to TOM are shared between the customer and IONOS.

For example, IONOS customers are responsible for the pseudonymisation and encryption of their own customer data. This also applies to backups.

IONOS on the other hand is responsible for the secure operation of the data centres. This includes taking appropriate measures relating to fire safety and restricted access to the facilities.

Further information about the current version of the TOM can be found in the Data Processing Agreement.

IONOS' data protection concept

IONOS provides its customers with a flexible virtualized infrastructure over the internet, on servers, storage devices, and networks. However, these don’t have to be exclusively used for this purpose. The customer can design their own virtual data center (IONOS Cloud Virtual Data Center or IONOS Cloud VDC) with the help of a user interface (Data Center Designer or DCD) or an API.

The Data Center Designer can be accessed via the IONOS website. In the DCD, the customer can choose the location where their data will be stored, as long as the chosen IONOS Cloud product is also available in that location.

The customer's data is always stored in the data centers of their choice. IONOS Cloud does not move customer data to other locations without the customer’s consent. This applies to all IONOS Cloud products.

The customer is to independently configure and manage all ordered service components (CPU, Cores, RAM, servers, storage devices, network interface cards, internet connection, IT infrastructure).

Data shall be collected, processed and used only for the customer’s business purposes and for the purpose of providing services to the customer. The customer is responsible to ensure the legality of the data processed in the VDC/DCD.

Data centers

IONOS operates multiple geo-redundant data centers in Europe and the USA. In Germany and the UK IONOS uses 100% renewable energy to operate its data centers. You can freely choose the location of your data center if the chosen cloud product is also available in that location.