More and more companies are choosing Infomaniak to host their data. But beyond the marketing, is the Swiss host truly GDPR compliant? We analyzed the facts.
TL;DR: Yes, Infomaniak Is GDPR Compliant
Short answer: yes, Infomaniak is GDPR compliant. But let's see why in detail.
Switzerland and the GDPR
Adequacy Decision
The European Commission has recognized Switzerland as offering an adequate level of protection for personal data. This means that data transfers from the EU to Switzerland are authorized without additional safeguards.
This decision is based on the Swiss Federal Act on Data Protection (FADP), considered equivalent to the GDPR.
The New FADP (2023)
Switzerland revised its data protection law in 2023 to strengthen it further:
- Privacy by design principle
- Data breach notification requirement
- Right to data portability
- Enhanced penalties
Infomaniak and GDPR Requirements
1. Data Location (Articles 44-49)
Compliant
All data is hosted exclusively in Switzerland, in Infomaniak's data centers in Geneva and the canton of Vaud. No transfers to third countries.
2. Data Processing Agreement (Article 28)
Compliant
Infomaniak provides a Data Processing Agreement (DPA) compliant with Article 28 of the GDPR. This contract is available in the Infomaniak Manager and can be signed electronically.
3. Security Measures (Article 32)
Compliant
Infomaniak implements robust technical and organizational measures:
- ISO 27001 certification (information security)
- Data encryption in transit (TLS) and at rest
- Two-factor authentication
- 24/7 infrastructure monitoring
- Regular penetration testing
4. Breach Notification (Articles 33-34)
Compliant
Infomaniak commits to notifying data breaches within 72 hours, in accordance with the GDPR. Procedures are documented in the DPA.
5. Sub-Processors (Article 28.2)
Compliant
Infomaniak does not use American sub-processors for data processing. The infrastructure is managed in-house. The list of sub-processors is available and kept up to date.
Infomaniak vs American Hosts
| GDPR Criteria | Infomaniak | Google/Microsoft |
|---|---|---|
| Transfers outside EU | No (Switzerland only) | Yes (USA) |
| Cloud Act | Not applicable | Subject to it |
| DPA available | Yes (straightforward) | Yes (complex) |
| Certifications | ISO 27001 | Multiple |
| Legal risk | Low | Medium to high |
What Infomaniak Does Not Guarantee
For the sake of transparency, here is what remains your responsibility:
- Your overall GDPR compliance – Infomaniak is a compliant processor, but you remain responsible for your own data processing activities
- The data you collect – Infomaniak hosts your data but does not verify its legitimacy
- Your privacy policies – It's up to you to draft and maintain them
- Third-party applications – If you install non-Infomaniak apps on their servers, they are not covered
Available Documents
Infomaniak provides:
- DPA (Data Processing Agreement) – Processing contract compliant with Article 28
- Privacy policy – Details of processing activities
- Security measures – Technical documentation
- List of sub-processors – Transparency on the processing chain
These documents are accessible from the Infomaniak Manager or upon request to support.
Testimonials of Compliant Use
Many organizations subject to strict regulations use Infomaniak:
- Law firms (professional secrecy)
- Healthcare facilities (health data)
- Public administrations
- ISO-certified companies
Conclusion
Infomaniak checks all the boxes for GDPR compliance:
- Data hosted in an adequate country (Switzerland)
- Processing contract compliant with Article 28
- Certified security measures (ISO 27001)
- No transfers to high-risk countries
- Independent company, not subject to the Cloud Act
Choosing Infomaniak means ensuring seamless and lasting GDPR compliance, without the gray areas of American hosts.