Data Sharing & Confidentiality

Data is submitted to GRESB through a secure online platform. It can only be seen by current GRESB staff and, to a more limited extent, authorized personnel from GRESB’s third-party validation provider, Sustainability Assurance Services (SAS).

Data collected through the SFDR Infrastructure Assessments is only disclosed to the participants themselves.

Participants can share data with their investors themselves outside of the GRESB portal by downloading their report as a PDF.

GRESB is fully compliant with GDPR. The GRESB Privacy Statement can be found here. We also have specific internal policies, such as our Data Breach Policy and our Data Protection Policy, related to GDPR that we cannot share externally for security reasons. Please note that asset-level data does not fall under the incidence of GDPR because it does not contain any personal data.

GRESB’s data security measures and systems have been reviewed by an external expert and no issues were flagged. The GRESB website and the GRESB Portal are fully HTTPS/TLS encrypted. GRESB has strict and extensive policies on data security that cannot be shared externally for security reasons.