Data protection & IT security

Drooms is fully compliant with the GDPR.

You trust us with your confidential documents and we take that responsibility seriously by safeguarding your data using the highest security standards and handling protocols available. Drooms is GDPR compliant and always puts the privacy of its customers first. Our dataroom software solution is continuously audited to ensure that we adapt to new technologies as they develop. We also work to keep improving our internal processes for handling your sensitive data.

What is the GDPR?

  • The data protection regulation is an EU regulation that aims to protect personal data.
  • It came into effect in May 2018 and replaced the Data Protection Directive 95/46/EC as well as all regulations of single EU countries.
  • The GDPR applies to all companies based in the EU, but also to companies based outside the EU if they have a branch in the EU or process personal data of EU residents.
  • Personal data is any information leading to a person's identification, e.g. name, email address, ID number, location data, income and bank details, health information and IP address.

For any questions or if you need more information please contact our Data Protection Team via:

Maximum security and GDPR compliance with Drooms

Measures taken to protect data from unjustified modification, processing or loss:

  • Drooms is ISO 27001:2013 and 27018 certified
  • Drooms GmbH fulfills the requirements of the GDPR and is GDPR compliant both as an organization and as software. The data protection report from our Data Protection Officer can be found here
  • Maintenance of servers is taken care of by Drooms GmbH in Frankfurt alone
  • Technical and Customer Support Services directly carried out by Drooms GmbH
  • Regular penetration tests are carried out to assess data security
  • High availability server solutions
  • Detailed real-time analytics down to a single document page
  • Individual granting of review, print, and/or storage authorisations on the user and document level
  • Multi-factor authentication process with PIN and SMS

How we encrypt all data

At Drooms, all data transfers are completed via TLS connections only and are encrypted with 256-bit AES.

Where we store all data

The provision of the contractually agreed data processing takes place exclusively in the EU or Switzerland. Any transfer to another third country requires your consent.

Limit access by IP filtering

Data room access can be limited at group level to specific devices with specific IP addresses. This ensures, for example, that the data room is only accessed via a specific company network.

Data confidentiality

Two-factor authentication and access controls are just some of the ways clients have autonomy over how and whether their data is kept.

Vulnerability management

Drooms performs internal vulnerability scans and safety tests. In case of an emergency, our disaster scenario plan guarantees that data remains unaffected.

External security audits

As an ISO 27001:2013 certified company, Drooms GmbH regularly carries out external and internal security audits to ensure safety and comply with regulations.


Download the GDPR data room provider checklist and find out how committed your cloud service provider is.

