English

Dutch

navlogo_blue

English

Dutch

Cleaning companies

Backup for Cleaning companies

Ransomware-proof backup for cleaning companies — compliant with GDPR / AVG, hosted on Dutch soil.

✓ Client contracts
✓ Workforce scheduling
✓ Payroll records
7 years
Retention period for client contracts (GDPR / AVG)
2-4 hrs
Recovery time with hybrid backup
100%
Hosted on Dutch soil
ISO 27001 Certified
NEN 7510 Certified
100% EU-datacenters (NL & DE)
GDPR & NIS2 Compliant
Chapter 01

Why Cleaning companies are extra vulnerable to data loss

What makes cleaning companies data a high-value target — and what happens when it's gone

Cleaning companies store some of the most sensitive data in their field — including client contracts | workforce scheduling | payroll records. This combination of confidential records, long statutory retention obligations, and day-to-day reliance on software like Schoonmaak-ERP makes them a prime target for cybercriminals.

Ransomware groups increasingly target organisations that cannot afford downtime — and cleaning companies fit that profile exactly. A firm that loses access to its client contracts cannot operate. Deadlines are missed, regulatory obligations are breached, and clients lose trust. Under GDPR / AVG, data must be retained for 7 years — meaning a data loss event does not just disrupt operations today, it creates legal liability that extends years into the future.

The risk is not abstract. Loss of workforce scheduling data, ransomware on contract management systems, payroll record loss is the leading threat for this sector. Files with characteristics like workforce databases | client contract archives are difficult or impossible to reconstruct from memory once lost. Every day without a verified, offsite backup is a day of unnecessary exposure.

  • Cleaning companies
  • Client contracts
  • ISO 9001
Chapter 02

The misconception that costs many cleaning companies dearly

"Our data is just rosters and invoices — nothing sensitive enough to need proper backups."

It is easy to understand why many cleaning companies believe this. Schoonmaak-ERP is marketed as a professional-grade platform, and vendors naturally emphasise uptime and reliability. But there is a critical difference between redundancy and recovery. A system can be highly available and still offer you zero protection the moment ransomware encrypts your files or an administrator accidentally deletes a directory.

Synchronisation tools — including those built into Schoonmaak-ERP — propagate changes in near real-time. When ransomware encrypts a file, that encrypted version immediately overwrites your 'backed up' copy. By the time the attack is discovered, every sync destination contains the same unusable data. This is not a backup. It is a perfectly synchronised disaster.

The practical consequence: without an independent, immutable backup, cleaning companies facing a ransomware attack have two options — pay the ransom or start over. Neither is acceptable when GDPR / AVG requires you to demonstrate full data integrity to regulators.

Schoonmaak-ERP does not protect your client contracts. A proper backup does.

Ransomware encrypts everything

If Schoonmaak-ERP is your only copy, ransomware that hits your primary environment also hits your 'backup'. Recovery becomes impossible without paying the attacker.

Regulatory penalty

Even a brief outage can cost cleaning companies significantly in missed deadlines, emergency IT costs, and lost billable time.

Regulatory non-compliance

Under GDPR / AVG, you are required to maintain accessible records for years. A data loss event that destroys those records is not just an IT problem — it is a compliance failure with real consequences.

Chapter 03

What do I need to back up if I use Schoonmaak-ERP?

The data cleaning companies typically overlook when using Schoonmaak-ERP

Schoonmaak-ERP manages your day-to-day workflow, but its built-in data protection typically covers only what happens within the application itself. It does not automatically back up your entire data environment — and there are several categories of data that fall outside its scope entirely.

For cleaning companies using Schoonmaak-ERP, the following should be included in any proper backup: client contracts, workforce scheduling, payroll records, safety data sheets. If you also use AFAS, any data in those systems must be covered separately.

Pay particular attention to workforce databases | client contract archives. These file types are either difficult to reconstruct or subject to strict legal retention requirements. A backup strategy that does not explicitly cover them is incomplete — and potentially non-compliant.

  • Cleaning companies
  • Client contracts
  • Schoonmaak-ERP
Chapter 04

What a proper backup actually does

The 3-2-1 rule — and why it matters for cleaning companies

The 3-2-1 rule is the baseline standard for data resilience: keep at least 3 copies of your data, on 2 different types of storage media, with 1 copy stored offsite. For cleaning companies, this is not just best practice — it is increasingly a regulatory expectation under frameworks like GDPR / AVG.

In practice: your primary production data counts as copy 1. A local backup (on a NAS or secondary server) is copy 2, enabling fast recovery without waiting for a cloud download. Copy 3 is stored in an offsite data centre — physically and logically separated from your main environment, so a fire, flood, or ransomware attack cannot reach all three copies simultaneously.

Mindtime extends this to a 4-copy model, with an additional snapshot stored in a second Dutch data centre. For cleaning companies managing client contracts, this means your data is always recoverable — from a clean, pre-attack restore point — regardless of what happens on-site.

A backup sitting in the same office as the server it protects is not a backup. It's a false sense of security.

3 copies of your data

Your production environment plus two additional copies — so a single failure never takes everything down.

2 different storage locations

One copy on-site for fast recovery. One at a certified secondary data centre.

1 copy stored offsite

For cleaning companies, that offsite copy is stored in a Dutch data centre — keeping your data within GDPR jurisdiction at all times.

Chapter 05

How do cleaning companies protect themselves against ransomware?

Specific measures for cleaning companies — beyond antivirus

Ransomware attacks on cleaning companies typically follow a predictable pattern: initial access via a phishing email or compromised credential, lateral movement to identify high-value data, and then encryption of everything — including network shares and connected backup drives.

The single most effective defensive measure is an immutable offsite backup — one that ransomware cannot reach. Beyond backup, cleaning companies should implement: multi-factor authentication on all systems (particularly Schoonmaak-ERP), regular software updates and patch management, network segmentation to limit lateral movement, and staff awareness training on phishing recognitions.

Critically, a backup is only useful if it has been tested. Many organisations discover during a recovery that their backup is incomplete, out of date, or corrupted. Mindtime performs automated integrity checks on every backup and alerts you if a backup fails — so you know your data is recoverable before you need it, not during a crisis.

Chapter 06

How do I create a backup if I use Schoonmaak-ERP?

A practical guide for cleaning companies using Schoonmaak-ERP

Setting up a proper backup for cleaning companies using Schoonmaak-ERP (and AFAS if applicable) involves more than activating the export function in your software. Here is the practical approach:

First, identify all data that must be retained under GDPR / AVG — including client contracts | workforce scheduling | payroll records. Map every location where this data lives: within Schoonmaak-ERP, on local drives, on shared network folders, and in any integrated third-party tools.

Second, configure Mindtime's agent on each endpoint and server that holds cleaning companies data. The agent performs incremental backups continuously, so you are never more than a few minutes behind your last recovery point. Backup frequency, retention periods, and encryption settings are all configured to meet your specific regulatory requirements.

Third, run a test restore within the first week. Verify that client contracts and other critical data types can be recovered fully and within your acceptable downtime window. Document the process so your team knows exactly what to do if an incident occurs.

Chapter 07

Data retention and compliance obligations for cleaning companies

GDPR / AVG and what it means for your backup strategy

Cleaning companies operate under some of the most specific data retention obligations in their field. The primary framework is GDPR / AVG, which sets clear requirements for how long client contracts must be kept, in what format, and with what level of accessibility.

Key retention requirements for cleaning companies:

— 7 years (fiscal)

— Employee records: 5 years post-employment

— Safety data: 10 years

Beyond retention duration, these regulations also require that data remains accessible and verifiable throughout the retention period. A backup that cannot be searched, exported, or audited does not satisfy the requirement. Mindtime's backup platform includes point-in-time restore, meaning you can retrieve any version of a file at any point within the retention window — exactly what regulators require during an audit.

Certification under ISO 9001 demonstrates that your data protection processes meet a recognised standard — which regulators and clients increasingly expect.

7 years — the minimum retention period for client contracts under GDPR / AVG. Your backup must last at least that long.

  • Cleaning companies
  • GDPR / AVG
  • ISO 9001
Chapter 08

Five steps to get this sorted

A practical checklist for cleaning companies implementing a proper backup strategy

1

Map all data locations

List every location where cleaning companies data lives — Schoonmaak-ERP, local drives, shared folders, integrated tools. Do not assume any single system covers everything.

2

Define retention requirements

Check your obligations under GDPR / AVG. Identify which data types need to be kept for how long, and make sure your backup configuration reflects those requirements explicitly.

3

Configure automated backup

Install Mindtime on every relevant endpoint and server. Set backup frequency, retention windows, and encryption. Confirm that client contracts

4

Run a test restore

workforce scheduling are all covered.

5

Document and review quarterly

Within the first week, perform a full test restore of your most critical data. Verify it opens, is complete, and matches the original. This is the only way to confirm your backup actually works.

Frequently Asked Questions

Your questions answered

Frequently asked questions about backup for cleaning companies

Schoonmaak-ERP offers file synchronisation and some redundancy, but this is not a backup. If files are encrypted by ransomware or deleted, that change is synced immediately — meaning your 'backup' copy is equally affected. An independent, immutable backup is essential.

Under GDPR / AVG, the minimum retention period is 7 years. Mindtime handles this automatically with configurable retention policies per data type.

With a proper 3-2-1 backup, you restore from a clean pre-attack snapshot — typically within 2-4 hours with Mindtime's hybrid approach. Without a proper backup, your only options are paying the ransom or starting from scratch.

Yes. Mindtime is ISO 27001 certified and stores all data exclusively on Dutch servers, ensuring compliance with GDPR/AVG and GDPR / AVG.

Most organisations using Mindtime's hybrid backup (local + cloud) can restore critical data within 2-4 hours, depending on data volume.

Scroll to Top