Stay safe in the IONOS Cloud

Data protection and data security

Handling vast amounts of data comes with great responsibility. We take data security and your privacy very seriously.

Try now

Data security

Data security in the cloud is more than just data protection

Though data protection and data security are often used interchangeably, they don’t mean the same thing.

Data protection

Data protection aims to protect personal data against unauthorised third-party access, loss or modification. Personal data in this context refers to all information relating to an identified or an identifiable person.

Data security

Data security refers to the protection of all company data, both personal and non-personal. The focus here is to ensure the security of the infrastructures used to store data to make sure no data leaks or breaches occur.

What kind of security does IONOS provide?

IONOS offers its clients various services based on its cloud infrastructure. IONOS ensures the smooth technical operation of its platform. We comply with numerous national and international standards such as the UK’s and EU’s GDPR.

Your responsibility as a customer

IONOS customers are responsible for the security of their own data when using cloud services and infrastructure. Customers must take measures to protect their data stored in the cloud from unauthorised access and possible data loss.

Tools to protect cloud customers

IONOS Cloud and the GDPR

About the GDPR

The European General Data Protection Regulation (GDPR) applies to all companies operating, processing and/or collecting personal data in the UK and the EU. Due to this, the regulation is relevant for all UK companies that also operate within the EU or have decided to host their data in IONOS data centres within the EU.

In the context of the GDPR, a distinction must be made between two IONOS Cloud use cases:

IONOS as a processor

The customer is solely responsible for any third-party personal data that is processed or stored in the IONOS Cloud. In this case IONOS takes the role of a processor, acting only on behalf of the customer and based on their instructions. You find more information about this topic here:

IONOS as a contractual partner and processor of personal data

IONOS processes the personal information of its customers as agreed on in the service contract and according to the requirements of the UK GDPR.

Technical and organisational measures

For the protection of personal data, it’s important to ensure highly secure technical and organisational measures (TOM).

Secure pseudonymisation and encryption of personal data is a big part of TOM. It’s also crucial to take care of the integrity, confidentiality, availability and resilience of systems and services that are used to process and store that data.

Finally, personal data should be restorable and made available again after a possible technical incident.

Sharing of tasks and measures

These essential tasks related to TOM are shared between the customer and IONOS.

For example, IONOS customers are responsible for the pseudonymisation and encryption of their own customer data. This also applies to backups.

IONOS on the other hand is responsible for the secure operation of the data centres. This includes taking appropriate measures relating to fire safety and restricted access to the facilities.

Further information about the current version of the TOM can be found in the Data Processing Agreement.

IONOS' data protection concept

IONOS provides its customers with a flexible virtualised infrastructure over the internet, on servers, storage devices, and networks. However, these don’t have to be exclusively used for this purpose. The customer can design their own virtual data centre (IONOS Cloud Virtual Data Centre or IONOS Cloud VDC) with the help of a user interface (Data Centre Designer or DCD) or an API.

The Data Centre Designer can be accessed via the IONOS website. In the DCD, the customer can choose the location where their data will be stored, as long as the chosen IONOS Cloud product is also available in that location.

The customer's data is always stored in the data centres of their choice. IONOS does not move customer data to other locations without the customer’s consent. This applies to all IONOS Cloud products.

The customer is to independently configure and manage all ordered service components (CPU, cores, RAM, servers, storage devices, network interface cards, internet connection [IT infrastructure]). Data shall be collected, processed and used only for the customer’s business purposes and for the purpose of providing services to the customer. The customer is responsible to ensure the legality of the data processed in the VDC/DCD.

Data centres

IONOS operates multiple georedundant data centres in Europe and the USA. In the UK and Germany IONOS uses 100% renewable energy to operate its data centres. You can choose the location of your data centre if your chosen cloud product is available at that location.