New AI-supported search enabled
bell-exclamationRead GRESB's statement here before use
Ctrlk
About UsContact UsPortal Login

Data Sharing & Confidentiality

Access to Submitted Data

Who can see my assessment response?

Data is submitted to GRESB through a secure online platform. It can only be seen by current GRESB staff and, to a more limited extent, authorized personnel from GRESB’s third-party validation provider, Sustainability Assurance Services (SAS).

Access to Assessment Results

Who can see my assessment results?

GRESB Scores are not made public. Only participants can access their Fundamentals results and report in the GRESB Portal, and they may choose to share them with their investors.

  • This policy applies to both listed and non-listed entities. In 2026, by default, the Fundamentals Report will only be accessible to the participant. No investors will have access unless the participant actively enables sharing in the portal settings.

Access to Uploaded Evidence

Entities can disclose or withhold any documentation provided as evidence from GRESB Real Estate Investor Members. Each uploaded document has a checkbox, with the default set to ‘not available’. When opted into by the participant, this makes the evidence available to all investors with access to that entity. If the entity chooses to share its evidence with investors, it will appear in the Fundamentals Report.

Note that it is impossible to share documents with investors on a case-by-case basis.

Access to Open Text Boxes

The content of open text boxes are included in the Fundamentals Report.

Participant Disclosure & Visibility

Who can see my participation status?

GRESB does not disclose a participant’s data to other participants as a default.

An entity’s participation status is disclosed only in the GRESB Participant Directory:

  • Non-listed entities: GRESB displays the fund manager's name.

  • Listed entities: GRESB displays the entity name.

Data Protection & Security

GDPR Compliance

GRESB is fully compliant with GDPR. The GRESB Privacy Statement can be found here. We also have specific internal policies, such as our Data Breach Policy and our Data Protection Policy, related to GDPR that we cannot share externally for security reasons. Please note that asset-level data does not fall under the incidence of GDPR because it does not contain any personal data.

Cybersecurity

GRESB’s data security measures and systems have been reviewed by an external expert and no issues were flagged. The GRESB website and the GRESB Portal are fully HTTPS/TLS encrypted. GRESB has strict and extensive policies on data security that cannot be shared externally for security reasons.

PreviousData Quality & ValidationNextFundamentals Guidance

Last updated

Was this helpful?