What is GDPR

The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.

The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behaviour that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.

Does IceHrm comply with GDPR?

Yes, IceHrm is compliant with the code of conduct published by CISPE Data Protection Code of Conduct. You can access a copy of Code of Conduct Here

How IceHrm Protects Your Data?

Your data is stored in Virtual Private Servers owned by IceHrm. All your personally identifiable data on our databases are encrypted using AES 256-bit technique.

Your files, such as employee documents, profile images and company documents are stored in [AWS S3] (https://aws.amazon.com/s3/). Storage is private and encrypted. Files will be downloadable only via a temporary URL generated by your IceHrm installation based on permissions granted to the logged in user.

All customer data is stored in at least in two different locations with the same level of security as a backup mechanism.

Access Control

Your data is not accessible even by IceHrm employees as all the personal data is encrypted before storage. Data can only be decrypted by a unique key associated with your installation.

Data Privacy

We never share your personally identifiable data with a third party.

According to our information security policy, the IceHrm staff is only allowed to access a customer installation when a written permission granted by the customer.


All IceHrm installations are monitored continuously for suspicious activity. In case of a security incident, customers will be notified promptly.

Who Owns Your Data?

You have the ownership of your data and you have the right to request a copy of all your company data stored in IceHrm Cloud.

Service Termination

You have the right to request deletion of your data and termination of the services provided by IceHrm anytime.

Third Party Service Providers

We use services of following providers. You can check their GDPR readiness via given URLs.