gmail and GDPR

Discussion in 'IT & Internet' started by tony84, Jun 13, 2017.

Thread Status:
Not open for further replies.
  1. tony84

    tony84 UKBF Big Shot Free Member

    5,774 1,056
    Are the servers for UK based emails in gmail in the UK?

    I am just curious as to whether I will need to change who I access my emails through or not.

    Cheers.
     
    Posted: Jun 13, 2017 By: tony84 Member since: Apr 14, 2008
    #1
  2. soundengineeruk

    soundengineeruk UKBF Regular Free Member

    375 66
    Curious as to why the concern with GDPR?
     
    Posted: Jun 13, 2017 By: soundengineeruk Member since: Jul 25, 2012
    #2
  3. tony84

    tony84 UKBF Big Shot Free Member

    5,774 1,056
    Have I used the wrong terminology?
    My understanding is that if I hold an individual's personal information it must be on a server within the EU with a certain level of security.

    As I hold a lot of personal information for customers, it would mean that this is pretty important.

    Although I have only briefly come across it and it is only really gmail that would affect me from what I can see.
     
    Posted: Jun 13, 2017 By: tony84 Member since: Apr 14, 2008
    #3
  4. soundengineeruk

    soundengineeruk UKBF Regular Free Member

    375 66
    Yes, you are right: if you hold information about an individual and you are in the U.K., it has to be stored within the EU (I believe).

    However, as you are talking about email then it does fall under the GDPR.

    If you transfer the data out of Gmail to, i.e., a database then yes, the database has to be within the EU.

    Well, that is the way I understand it. Anyone else want to confirm or have a better take on it?
     
    Posted: Jun 13, 2017 By: soundengineeruk Member since: Jul 25, 2012
    #4
  5. consultant

    consultant Your Business Community Staff Member

    5,607 781
    I am not as up to speed on GDPR as I should be, but I do not think it covers location.

    It is about the way you collect, use and protect personal data, an extension from our current DPA.

    If you send mass mail via GMAIL, you will have an issue. If it's for standard email communication, probably not!
     
    Posted: Jun 13, 2017 By: consultant Member since: Jan 21, 2008
    #5
  6. Alan

    Alan UKBF Legend Full Member - Verified Business

    6,577 1,818
    Posted: Jun 13, 2017 By: Alan Member since: Aug 16, 2011
    #6
  7. soundengineeruk

    soundengineeruk UKBF Regular Free Member

    375 66
    Any data that is being transferred outside the EU will need to ensure that there is a legitimate basis for transferring personal data.
    I know in the GDPR you have to audit users opting in and out (Privacy by design). If you don't have an audit trail of users opting in and messages are sent, yep, issues will arise.

    Other things I'm aware of (looking back through my notes)
    • Those under the age of 16 cannot legally consent to the processing of personal information
    • Infringement can bring fines up to 4% or 20 million euros (whichever is greater) of annual global revenue
    • Breaches have to be reported within 72 hours
     
    Posted: Jun 13, 2017 By: soundengineeruk Member since: Jul 25, 2012
    #7
  8. ffox

    ffox UKBF Regular Free Member

    1,314 237
    GDPR requirements extend well beyond email.

    The definitions used by GDPR are quite broad. To move from the theoretical to practicality, an organization needs to understand what personal data it holds for its business operations and where they use the data within software applications.

    For example -
    Annual reviews written about employees and stored electronically
    A list of applicants for a position in a spreadsheet
    Tables holding data (names, employee numbers, hire dates, salaries) about employees

    In effect, individuals have the right to ask companies to tell them what of their personal data a company holds, to correct errors in their personal data, or to erase that data completely. Companies need to know what personal data they hold, make sure that they obtain consents from people to store that data, protect the data, and notify authorities if data breaches occur.

    The biggest challenge for most small businesses will be finding such data on their computer systems.
     
    Posted: Aug 19, 2017 By: ffox Member since: Mar 11, 2004
    #8
  9. D Court

    D Court UKBF Newcomer Free Member

    3 0
    The plain reality is that whilst Google say they are committed to GDPR they are only playing at it.

    Any data stored on a data subject outside the EU (that's many of the Google services) must have consent from the data subject and it must be made plain that such data may be released and used by the data processor (Google) or relevant authorities in the country where they reside (USA). Data subjects must have the opt out option, which means no Google services!

    When and if Google really commits to GDPR they will provide storage for all EU services they provide. Until then I think they offer no real GDPR solution for most organisations - note there are exceptions to this where Google do contract to keep data on EU servers but you have to check!
     
    Posted: Jan 30, 2018 By: D Court Member since: Jan 30, 2018
    #9
  10. Russ Michaels

    Russ Michaels UKBF Contributor Free Member

    67 16
    If you are an EU customer then your data should be stored on EU servers and is thus GDPR compliant. Google have sent out numerous notifications about this, which you, as the admin of your domain, should have received.
    I am a Google partner/reseller so have seen all the GDPR related emails and it all looks good to me.
     
    Posted: Jan 31, 2018 By: Russ Michaels Member since: Jan 19, 2018
    #10
  11. D Court

    D Court UKBF Newcomer Free Member

    3 0
    I would agree that if you're an EU customer your data "should" be stored on EU servers but Google won't commit to this unless you are a business customer. In many notifications Google claim to be GDPR compliant but this is either playing semantics or deliberately misleading.

    There is no requirement within GDPR to store all data within the EU but there are two additional requirements if data is going to be stored outside the EU. 1) The data subject must be informed that their data is being stored outside the EU and therefore subject to the laws of another country which may not respect their privacy (namely USA). 2) There must be an opt out option. Frankly, that means potentially a nightmare for many Google customers as Google services (like Gmail, Google Drive, etc.) are stored outside the EU.

    Google could fix this in a heartbeat like Dropbox and simply put in the resources to store all EU customer services on EU based servers. I suspect Google don't like the EU after they were hit hard by them for unfair practices.

    Irrespective UNLESS a business can gain concrete assurance from Google that their data is stored in the EU they effectively cannot use Google services when GDPR comes in!
     
    Posted: Jan 31, 2018 By: D Court Member since: Jan 30, 2018
    #11
  12. Russ Michaels

    Russ Michaels UKBF Contributor Free Member

    67 16
    If you have G-Suite (formerly Google Apps for Business) then you are a business customer.
    I was NOT referring to free Gmail accounts. You really cannot expect GDPR compliance with something which is free.

    If you have any doubts, I suggest contacting Google support for confirmation.
     
    Posted: Jan 31, 2018 By: Russ Michaels Member since: Jan 19, 2018
    #12
  13. D Court

    D Court UKBF Newcomer Free Member

    3 0
    I'm sorry I can only partially agree with you.

    Firstly it's not a requirement of GDPR to store data within the EU.

    Secondly, the whole point of GDPR (and privacy in the US) is about knowing things about personal data. The fact Google (and others) store and use our data by providing a free service is the biggest reason GDPR and similar privacy in the States is being implemented! Therefore, it's not unreasonable for this to be made plain. Again I'm not saying that Google should store only in the EU for their free service offerings but they should be abundantly clear when they are not and where it is stored... and indeed to be GDPR compliant they will have to!

    Thirdly Google offers G-Suite to non-profit for free and that's where I'm coming from. Google are still not clear on storage location despite fellow members from the voluntary sector repeatedly asking. The non-profit notifications don't make this clear.

    Fourthly, I do accept that G-Suite business customers can specify EU servers to remove this problem.
     
    Posted: Jan 31, 2018 By: D Court Member since: Jan 30, 2018
    #13
  14. David997

    David997 UKBF Newcomer Free Member

    2 0
    There are two aspects to this.
    1. If Google offer Gmail as a service in the EU then the service needs to be GDPR compliant.
    2. If an EU based organisation chooses to use Google's service, even the free one, then they need to ensure they are compliant to GDPR, as data controller and data processor.
     
    Posted: Apr 12, 2018 By: David997 Member since: Apr 12, 2018
    #14
  15. David997

    David997 UKBF Newcomer Free Member

    2 0
    1. No, it does not have to be stored in the EU, but if it is outside the EU it must comply with the conditions that allow such a transfer. (EU GDPR CHAPTER V)
    2. Email falls under GDPR - "any information relating to an identified or identifiable natural person" (EU GDPR Article 4 definition of personal data)
     
    Posted: Apr 12, 2018 By: David997 Member since: Apr 12, 2018
    #15
  16. Russ Michaels

    Russ Michaels UKBF Contributor Free Member

    67 16
    Posted: Apr 12, 2018 By: Russ Michaels Member since: Jan 19, 2018
    #16
  17. ffox

    ffox UKBF Regular Free Member

    1,314 237
    The main issue I have with G-Suite, so far as GDPR is concerned is that the platform is neither an Enterprise Content Management system, nor is it a Document Management system. I can make a Document Management system in G-Suite, but why would I bother when its competitor, Office 365 with SharePoint, fills both functions straight out-of-the-box.

    O365 has full governance and compliance functions to accommodate warning and prevention of share when data contains such things as NI numbers, Swift Codes, Bank account numbers, etc. Simple to set up and simple to use.
     
    Posted: Apr 12, 2018 By: ffox Member since: Mar 11, 2004
    #17
  18. Russ Michaels

    Russ Michaels UKBF Contributor Free Member

    67 16
    Not everyone has the same requirements or needs. The key is to use the solution that best fits your own individual requirements.

    G Suite is not meant to be a CMS, nor is Office365. If you want a CMS then you need something like WordPress, Joomla or one of the many other options.
    If you want SharePoint, then you can get this separately without Office365 or G Suite, they are not mutually exclusive.

    I used both Office365 and G Suite, and I chose G Suite for email and google drive and Office365 just for the desktop office apps. I have also used ZOHO as well.

    The multitude of addons and plugins and integrations available with Gmail makes it a no-brainer compared to Microsoft if you need those things. The Outlook webmail is very simple and there is just no comparison at all, and plugins for desktop Outlook don't come close.

    For the online office apps, both are very basic, and if you want the same functionality as the desktop apps, you are going to be disappointed either way. But the Online Office apps come closer than Google Office Apps, especially if you need to open word or excel docs.
    But then Google Apps gives you a lot more apps, including 3rd party apps.

    OneDrive is fine for personal stuff, and it is convenient that it is built into Windows. But for business use I use Google Drive, as you have far greater controls over permissions and sharing and security. Such as the ability to share a file or folder with a specific person, and that person must have a google account and be logged in with that account to access the share. This is the default behaviour, even with a free gmail/gdrive account.

    Whereas with OneDrive I can share a link, and anyone with that link can access the share. If you want more control akin to Google Drive, then you have to pay extra for OneDrive for Business.

    The Support is also a no-brainer, Google Support while not perfect, is so much better than Microsoft by a mile. Every time I have had to contact Office365 support it was a very painful experience.
    Whenever I have had issues with clients not able to send an email via their website, this has been a complete dead end every time, as Microsoft support simply cannot comprehend the concept of sending an email via a website or anything other than Outlook, and will just keep telling you how to setup outlook. I was beating my head against a brick wall trying to explain to the tech that a website doesn't use outlook, LOL.

    Nowadays I do not even bother and just use Amazon SES or Mailgun for website email by default.
     
    Posted: Apr 12, 2018 By: Russ Michaels Member since: Jan 19, 2018
    #18
  19. ffox

    ffox UKBF Regular Free Member

    1,314 237
    Hmmm. I said nothing about CMS. This is for web site content management. I reported that G-Suite is not an Enterprise Content Management system, where O365 is. I leave it to you to Google, or Bing, ECM and learn what it does.

    The short version is that ECM provides a means to exercise control and governance over ALL data contained in an enterprise system. Even a one man business has data scattered across multiple file systems, on multiple devices. Personal information is held in file folders, contact lists, CRM systems, documents, spreadsheets and databases.

    GDPR requires that data controllers and data processors exercise governance over that data.

    G-Suite does not provide this capability, so a G-Suite user must implement other means to manage data. O365 does provide this capability. The Security and Compliance dashboard enables an admin to enable, with a few clicks, security for PECR and DPA (soon to be GDPR) across every data entry in the system.
     
    Posted: Apr 13, 2018 By: ffox Member since: Mar 11, 2004
    #19
  20. Russ Michaels

    Russ Michaels UKBF Contributor Free Member

    67 16
    I don't need to learn what a CMS does thanks, I have been doing this a lot longer than you I suspect, but thanks for the sarcasm.
    CMS stands for Content Management System, thus why I mentioned it.

    I can send you a screenshot to show you where you mentioned those words if you think it will help.

    As I said it is the best tool for the job. I will gladly recommend either O365 or G Suite and I am a partner for both. You seem to have an axe to grind with g suite though.
     
    Posted: Apr 13, 2018 By: Russ Michaels Member since: Jan 19, 2018
    #20