Data Security in Personio

The protection of your data is very important to us and represents a key component of the products and services provided by Personio. We observe data protection requirements as a matter of course, in particular those of the EU General Data Protection Regulation.


What Are the Requirements of the EU General Data Protection Regulation?

This EU regulation, known by the abbreviation GDPR, came into force as national law on May 25, 2018, and aims to strengthen data protection law throughout Europe and create a uniform legal framework across the EU. Both as an organization and in terms of our software, Personio is fully compliant with GDPR data protection requirements. This was recently certified by Bitkom (click here for a summary of the audit report, German only). This means that your personal data is comprehensively protected.

We have introduced technical and organizational procedures (German only) to ensure our data processing security, and we are continuously developing these further.


Where Is My Data Stored?

Personio uses Amazon Web Services (AWS) as a hosting provider. All our customer data is stored on ISO/IEC 27001-certified servers in Frankfurt and does not leave the EU. The servers thus fulfill our strict requirements for the physical security of your data. 

Both our data protection officer and the state data protection authority have confirmed that the use of AWS in Germany complies with data protection regulations.


Who Can Access My Data?

All data is stored exclusively in encrypted form and the master keys are generated by us, ensuring that neither AWS nor any other third parties have access to your data. The master keys are of course secured and not freely accessible.

At Personio, only our Product Managers, our Customer Success Team employees (customer system-side) and our Infrastructure Team (server-side) have access on an ad-hoc basis. This is necessary to assist with the initial setup of your account and to deal with service requests. The allocation of access rights and access to customer systems is always logged. The customer determines whether access to a Personio account should be given to our support staff. You can find more details on Personio impersonation access here.

For more information about data protection at Personio, please click here.

If you have any questions about data protection at Personio, please contact



