Gmail and GDPR

tony84

Free Member
Apr 14, 2008
6,582
1
1,396
Manchester
Have I used the wrong terminology?
My understanding is that if I hold an individual's personal information, it must be on a server within the EU with a certain level of security.

As I hold a lot of personal information for customers, it would mean that this is pretty important.

Although I have only briefly come across it, it is only really Gmail that would affect me from what I can see.
 
Upvote 0

soundengineeruk

Free Member
Jul 25, 2012
380
66
Walsall
Yes, you are right: if you hold information about an individual and you are in the U.K., it has to be stored within the EU (I believe).

However, as you are talking about email, it does fall under the GDPR.

If you transfer the data out of Gmail to, e.g., a database, then yes, the database has to be within the EU.

Well, that is the way I understand it. Anyone else want to confirm or have a better take on it?
 
Upvote 0
I am not as up to speed on GDPR as I should be, but I do not think it covers location.

It is about the way you collect, use and protect personal data, an extension from our current DPA.

If you send mass mail via Gmail, you will have an issue. If it is for standard email communication, probably not!
 
Upvote 0

soundengineeruk

Free Member
Jul 25, 2012
380
66
Walsall
I am not as up to speed on GDPR as I should be, but I do not think it covers location.
Any data that is being transferred outside the EU will need a legitimate basis for transferring personal data.
If you send mass mail via Gmail, you will have an issue. If it is for standard email communication, probably not!

I know in the GDPR you have to audit users opting in and out (privacy by design). If you don't have an audit trail of users opting in and messages are sent, yep, an issue will arise.

Other things I'm aware of (looking back through my notes):
  • Those under the age of 16 cannot legally consent to the processing of personal information
  • Infringement can bring fines of up to 4% of annual global revenue or 20 million euros (whichever is greater)
  • Breaches have to be reported within 72 hours
 
Upvote 0
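A minimal consent audit trail of the kind the post above describes, written as an added example (not code from the thread): every opt-in and opt-out is kept as an immutable event, and the decision to send is derived from that history with no record meaning no consent. The addresses and events are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class ConsentEvent:
    """One recorded opt-in or opt-out, kept forever as the audit record."""
    email: str
    action: str      # "opt_in" or "opt_out"
    at: datetime     # when the subject acted (timezone-aware, UTC)
    source: str      # where it was captured, e.g. a signup form or unsubscribe link


class ConsentLedger:
    """Append-only ledger of consent events; sending decisions derive from it."""

    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    @staticmethod
    def _key(email: str) -> str:
        # Normalise so Bob@Example.com and bob@example.com share one trail.
        return email.strip().lower()

    def record(self, email: str, action: str, at: datetime, source: str) -> ConsentEvent:
        if action not in ("opt_in", "opt_out"):
            raise ValueError(f"unknown consent action: {action!r}")
        if at.tzinfo is None:
            raise ValueError("consent timestamps must be timezone-aware")
        event = ConsentEvent(self._key(email), action, at, source)
        self._events.append(event)      # events are never updated or deleted
        return event

    def history(self, email: str) -> List[ConsentEvent]:
        """Full audit trail for one address, oldest first."""
        key = self._key(email)
        return sorted((e for e in self._events if e.email == key), key=lambda e: e.at)

    def may_send(self, email: str, as_of: Optional[datetime] = None) -> bool:
        """True only if the latest recorded action (at or before as_of) is an opt-in.
        No record at all means no consent: the default is deny."""
        trail = [e for e in self.history(email) if as_of is None or e.at <= as_of]
        return bool(trail) and trail[-1].action == "opt_in"

    def filter_recipients(self, emails: List[str]) -> List[str]:
        """Drop every address the ledger cannot justify sending to."""
        return [e for e in emails if self.may_send(e)]


def utc(iso: str) -> datetime:
    """Parse an ISO timestamp as UTC (helper for the sample data)."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)


def build_sample_ledger() -> ConsentLedger:
    """Constructed sample events for this example."""
    ledger = ConsentLedger()
    ledger.record("alice@example.com", "opt_in", utc("2018-03-01T09:00"), "signup_form")
    ledger.record("Bob@Example.com", "opt_in", utc("2018-03-02T10:00"), "signup_form")
    ledger.record("bob@example.com", "opt_out", utc("2018-04-10T08:30"), "unsubscribe_link")
    ledger.record("carol@example.com", "opt_out", utc("2018-04-11T12:00"), "support_request")
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    wanted = ["alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com"]
    print("allowed:", ledger.filter_recipients(wanted))
    for event in ledger.history("bob@example.com"):
        print(event)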
GDPR requirements extend well beyond email.

The definitions used by GDPR are quite broad. To move from the theoretical to practicality, an organization needs to understand what personal data it holds for its business operations and where they use the data within software applications.

For example -
Annual reviews written about employees and stored electronically
A list of applicants for a position in a spreadsheet
Tables holding data (names, employee numbers, hire dates, salaries) about employees

In effect, individuals have the right to ask companies to tell them what of their personal data a company holds, to correct errors in their personal data, or to erase that data completely. Companies need to know what personal data they hold, make sure that they obtain consents from people to store that data, protect the data, and notify authorities if data breaches occur.

The biggest challenge for most small businesses will be finding such data on their computer systems.
 
Upvote 0

D Court

Free Member
Jan 30, 2018
3
0
The plain reality is that whilst Google say they are committed to GDPR, they are only playing at it.

Any data stored on a data subject outside the EU (that's many of the Google services) must have consent from the data subject, and it must be made plain that such data may be released and used by the data processor (Google) or relevant authorities in the country where they reside (USA). Data subjects must have the opt-out option, which means no Google services!

When and if Google really commits to GDPR, they will provide EU storage for all the services they provide. Until then I think they offer no real GDPR solution for most organisations. Note there are exceptions to this where Google do contract to keep data on EU servers, but you have to check!
 
Upvote 0

Russ Michaels

Free Member
Business Listing
Jan 19, 2018
214
1
62
If you are an EU customer then your data should be stored on EU servers and is thus GDPR compliant. Google have sent out numerous notifications about this, which you, as the admin of your domain, should have received.
I am a Google partner/reseller so have seen all the GDPR related emails and it all looks good to me.
 
Upvote 0

D Court

Free Member
Jan 30, 2018
3
0
I would agree that if you're an EU customer your data "should" be stored on EU servers, but Google won't commit to this unless you are a business customer. In many notifications Google claim to be GDPR compliant, but this is either playing semantics or deliberately misleading.

There is no requirement within GDPR to store all data within the EU, but there are two additional requirements if data is going to be stored outside the EU: 1) The data subject must be informed that their data is being stored outside the EU and therefore subject to the laws of another country which may not respect their privacy (namely the USA). 2) There must be an opt-out option. Frankly, that means potentially a nightmare for many Google customers, as Google services (like Gmail, Google Drive, etc.) are stored outside the EU.

Google could fix this in a heartbeat, like Dropbox, and simply put in the resources to store all EU customer services on EU-based servers. I suspect Google don't like the EU after they were hit hard by them for unfair practices.

Irrespective, UNLESS a business can gain concrete assurance from Google that their data is stored in the EU, they effectively cannot use Google services when GDPR comes in!
 
Upvote 0

Russ Michaels

Free Member
Business Listing
Jan 19, 2018
214
1
62
If you have G-Suite (formerly Google Apps for Business) then you are a business customer.
I was NOT referring to free gmail accounts. You really cannot expect GDPR compliance with something which is free.

If you have any doubts, I suggest contacting google support for confirmation
 
Upvote 0

D Court

Free Member
Jan 30, 2018
3
0
I'm sorry I can only partially agree with you.

Firstly it's not a requirement of GDPR to store data within the EU.

Secondly, the whole point of GDPR (and privacy in the US) is about knowing things about personal data. The fact Google (and others) store and use our data by providing a free service is the biggest reason GDPR and similar privacy in the States is being implemented! Therefore, it's not unreasonable for this to be made plain. Again I'm not saying that Google should store only in the EU for their free service offerings but they should be abundantly clear when they are not and where it is stored... and indeed to be GDPR compliant they will have to!

Thirdly, Google offers G-Suite to non-profits for free, and that's where I'm coming from. Google are still not clear on storage location despite fellow members from the voluntary sector repeatedly asking. The non-profit notifications don't make this clear.

Fourthly, I do accept that G-Suite business customers can specify EU servers to remove this problem.
 
Upvote 0

David997

Free Member
Apr 12, 2018
2
0
I was NOT referring to free gmail accounts. You really cannot expect GDPR compliance with something which is free.

There are two aspects to this.
  1. If Google offer Gmail as a service in the EU then the service needs to be GDPR compliant.
  2. If an EU based organisation chooses to use Google's service, even the free one, then they need to ensure they are compliant to GDPR, as data controller and data processor.
 
Upvote 0

David997

Free Member
Apr 12, 2018
2
0
Yes, you are right: if you hold information about an individual and you are in the U.K., it has to be stored within the EU (I believe).

However, as you are talking about email, it does fall under the GDPR.

If you transfer the data out of Gmail to, e.g., a database, then yes, the database has to be within the EU.

Well, that is the way I understand it. Anyone else want to confirm or have a better take on it?

  1. No, it does not have to be stored in the EU, but if it is outside the EU it must comply with the conditions that allow such a transfer. (EU GDPR CHAPTER V)
  2. Email falls under GDPR - "any information relating to an identified or identifiable natural person" (EU GDPR Article 4 definition of personal data)
 
Upvote 0
The main issue I have with G-Suite, so far as GDPR is concerned is that the platform is neither an Enterprise Content Management system, nor is it a Document Management system. I can make a Document Management system in G-Suite, but why would I bother when its competitor, Office 365 with SharePoint, fills both functions straight out-of-the-box.

O365 has full governance and compliance functions to accommodate warning about and prevention of sharing when data contains such things as NI numbers, SWIFT codes, bank account numbers, etc. Simple to set up and simple to use.
 
Upvote 0
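The "warn before sharing" checks the post above attributes to O365 rest on pattern matching for identifiers in the content. As an added example, not code from the thread or from Microsoft's or Google's products, here is a small Python scanner for UK National Insurance numbers, SWIFT/BIC codes and UK sort code plus account number pairs. The NINO allocation rules and BIC structure are the published formats; the sample document and the country-code subset are constructed for this example. It also shows the false-positive handling a practitioner wants: the dummy QQ prefix is rejected and an all-caps word that happens to have BIC shape is not reported.

```python
import re
from dataclasses import dataclass
from typing import List

# National Insurance number: two prefix letters, six digits, suffix A-D.
# Allocation rules: first letter never D, F, I, Q, U or V; second letter
# never D, F, I, O, Q, U or V; prefixes BG, GB, NK, KN, TN, NT and ZZ are
# never issued.  The regex finds the shape; is_valid_nino applies the rules.
NINO_RE = re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]?\b", re.IGNORECASE)
NINO_BAD_FIRST = set("DFIQUV")
NINO_BAD_SECOND = set("DFIOQUV")
NINO_BAD_PREFIX = {"BG", "GB", "NK", "KN", "TN", "NT", "ZZ"}

# SWIFT/BIC: 4-letter institution code, 2-letter ISO country code, 2-character
# location code, optional 3-character branch code (8 or 11 characters in all).
BIC_RE = re.compile(r"\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}(?:[A-Z0-9]{3})?\b")
# Illustrative subset of ISO 3166-1 alpha-2 codes (an assumption for this
# example; a production scanner loads the full list).  Rejecting unknown
# country codes is what stops an all-caps word like PASSWORD being reported.
COUNTRY_CODES = {"GB", "IE", "DE", "FR", "NL", "BE", "ES", "IT", "PT", "CH",
                 "AT", "LU", "SE", "DK", "NO", "FI", "PL", "US", "CA", "AU",
                 "NZ", "JP", "SG", "HK", "AE"}

# UK sort code (three digit pairs) followed within 40 non-digit characters by
# an 8-digit account number on the same line.
SORT_ACCT_RE = re.compile(r"\b(\d{2}[- ]\d{2}[- ]\d{2})\b[^\d]{0,40}?\b(\d{8})\b")


@dataclass(frozen=True)
class Finding:
    kind: str
    value: str
    line_no: int


def is_valid_nino(candidate: str) -> bool:
    """Structural validity of a NINO, spaces allowed, suffix optional."""
    c = candidate.replace(" ", "").upper()
    if not re.fullmatch(r"[A-Z]{2}\d{6}[A-D]?", c):
        return False
    if c[0] in NINO_BAD_FIRST or c[1] in NINO_BAD_SECOND:
        return False
    return c[:2] not in NINO_BAD_PREFIX


def is_plausible_bic(candidate: str) -> bool:
    """Length and country code check on something that matched BIC_RE."""
    return len(candidate) in (8, 11) and candidate[4:6] in COUNTRY_CODES


def scan(text: str) -> List[Finding]:
    """Return every confirmed identifier with the 1-based line it sits on."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in NINO_RE.finditer(line):
            if is_valid_nino(m.group(0)):
                findings.append(Finding("NINO", m.group(0).strip(), line_no))
        for m in BIC_RE.finditer(line):
            if is_plausible_bic(m.group(0)):
                findings.append(Finding("BIC", m.group(0), line_no))
        for m in SORT_ACCT_RE.finditer(line):
            findings.append(Finding("UK_BANK_ACCOUNT", f"{m.group(1)} {m.group(2)}", line_no))
    return findings


def should_warn_before_sharing(text: str) -> bool:
    """Policy decision: any confirmed identifier triggers the warning."""
    return bool(scan(text))


# Constructed sample document for this example.
SAMPLE_DOC = """\
Applicant list
Name: J. Bloggs, NI number AB 12 34 56 C, start date 2018-04-01
Payroll: sort code 40-47-84, account 12345678
Supplier BIC: DEUTDEFF500
Note: the test NINO QQ 12 34 56 A is never issued
Reminder: change your PASSWORD before Friday
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_DOC):
        print(f"line {f.line_no}: {f.kind} {f.value}")
    print("warn before sharing:", should_warn_before_sharing(SAMPLE_DOC))
```

Run against the sample it reports the NINO on line 2, the sort code and account on line 3 and the BIC on line 4, and nothing for the QQ dummy or the word PASSWORD. Tightening or loosening the patterns is a trade-off between missed identifiers and nuisance warnings, which is why the country-code and prefix checks sit in separate functions that can be tuned.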

Russ Michaels

Free Member
Business Listing
Jan 19, 2018
214
1
62
Not everyone has the same requirements or needs. The key is to use the solution that best fits your own individual requirements.

G Suite is not meant to be a CMS, nor is Office 365. If you want a CMS then you need something like WordPress, Joomla or one of the many other options.
If you want SharePoint, then you can get this separately without Office365 or G Suite, they are not mutually exclusive.

I used both Office365 and G Suite, and I chose G Suite for email and google drive and Office365 just for the desktop office apps. I have also used ZOHO as well.

The multitude of add-ons, plugins and integrations available with Gmail makes it a no-brainer compared to Microsoft if you need those things. The Outlook webmail is very simple and there is just no comparison at all, and plugins for desktop Outlook don't come close.

For the online office apps, both are very basic, and if you want the same functionality as the desktop apps, you are going to be disappointed either way. But the Online Office apps come closer than Google Office Apps, especially if you need to open word or excel docs.
But then Google Apps gives you a lot more apps, including 3rd party apps.

OneDrive is fine for personal stuff, and it is convenient that it is built into Windows. But for business use I use Google Drive, as you have far greater controls over permissions and sharing and security. Such as the ability to share a file or folder with a specific person, and that person must have a google account and be logged in with that account to access the share. This is the default behaviour, even with a free gmail/gdrive account.

Whereas with OneDrive I can share a link, and anyone with that link can access the share. If you want more control akin to Google Drive, then you have to pay extra for OneDrive for Business.

The Support is also a no-brainer, Google Support while not perfect, is so much better than Microsoft by a mile. Every time I have had to contact Office365 support it was a very painful experience.
Whenever I have had issues with clients not able to send an email via their website, this has been a complete dead end every time, as Microsoft support simply cannot comprehend the concept of sending an email via a website or anything other than Outlook, and will just keep telling you how to setup outlook. I was beating my head against a brick wall trying to explain to the tech that a website doesn't use outlook, LOL.

Nowadays I do not even bother and just use Amazon SES or Mailgun for website email by default.
 
Upvote 0
G Suite is not meant to be a CMS, nor is Office 365. If you want a CMS then you need something like WordPress, Joomla or one of the many other options.

Hmmm. I said nothing about CMS. That is for web site content management. I reported that G-Suite is not an Enterprise Content Management system, whereas O365 is. I leave it to you to Google, or Bing, ECM and learn what it does.

The short version is that ECM provides a means to exercise control and governance over ALL data contained in an enterprise system. Even a one man business has data scattered across multiple file systems, on multiple devices. Personal information is held in file folders, contact lists, CRM systems, documents, spreadsheets and databases.

GDPR requires that data controllers and data processors exercise governance over that data.

G-Suite does not provide this capability, so a G-Suite user must implement other means to manage data. O365 does provide this capability. The Security and Compliance dashboard enables an admin to enable, with a few clicks, security for PECR and DPA (soon to be GDPR) across every data entry in the system.
 
Upvote 0

Russ Michaels

Free Member
Business Listing
Jan 19, 2018
214
1
62
I don't need to learn what a CMS does thanks, I have been doing this a lot longer than you I suspect, but thanks for the sarcasm.
CMS stands for Content Management System, thus why I mentioned it.

I can send you a screenshot to show you where you mentioned those words if you think it will help.

As I said it is the best tool for the job. I will gladly recommend either O365 or G Suite and I am a partner for both. You seem to have an axe to grind with g suite though.
 
Upvote 0
CMS stands for Content Management System, thus why I mentioned it.

I can send you a screenshot to show you where you mentioned those words if you think it will help.

You don't need to. Just highlight the words in my post and click 'quote', then add it to your reply. :)

I said -
The main issue I have with G-Suite, so far as GDPR is concerned is that the platform is neither an Enterprise Content Management system, nor is it a Document Management system.

That is Enterprise Content Management (ECM for short).

I have no issue with G-Suite, it's a good product, but it only does half the job that O365 does for a similar price.

I am not a partner to Microsoft or Google, despite many tempting financial offers to become one or the other. I prefer to remain independent and impartial.

To clients I recommend the solution that is best for them, but in general I recommend Office 365 in the hope that Google will one day rise to the challenge of matching it, function for function, without the need to load up zillions of third party apps.

I'm beginning to think that's a lost cause though, as Google scrapped its ECM development for G-Suite 2 or 3 years ago. Still, maybe there will be another emergent system sometime in the future.
 
Upvote 0

Russ Michaels

Free Member
Business Listing
Jan 19, 2018
214
1
62
As I mentioned previously, you can get Sharepoint completely separately from Office365, they are not mutually exclusive.
Sharepoint has existed as a product long before O365, and you can get it from just about any windows hosting provider.

Neither Office 365 nor G Suite is meant to be an ECMS or CMS. Both have various other apps as optional extras, SharePoint being one of them, because it is made by Microsoft (DOH), but G Suite has far more to choose from than O365. There is of course no need for anyone to load up zillions of apps, that is just silly talk. You load up the apps you need, when you need them. If you don't need them, don't use them. This is how computers have always worked, it's nothing new.
 
Upvote 0
As I mentioned previously, you can get Sharepoint completely separately from Office365, they are not mutually exclusive.

Can't think why anyone would want to, except if a business wanted on premises installation (very heavy on server requirement). SharePoint is bundled with the Office 365 E1 licence for as little as £6/user/month.

Sharepoint has existed as a product long before O365, and you can get it from just about any windows hosting provider

I worked with SP on prem from 2010 and started selling solutions on O365 in 2012 - I know it pretty well.

Neither Office 365 nor G Suite is meant to be an ECMS or CMS. Both have various other apps as optional extras, SharePoint being one of them, because it is made by Microsoft (DOH)

Sorry, but Office 365 is a fully powered up ECM system out-of-the-box. All of the file storage in Office 365 is homed in SharePoint space. That includes O365 plans which are advertised as not having SP. In O365 ProPlus, O365 Business and the Home/Student versions the SharePoint tools are missing, but the file storage in OneDrive for Business is still homed in a SharePoint space.

I always recommend clients take a version with SP as the tools are not difficult to use and enable users to grow away from the computer file storage methods of operation.

On all Office 365 plans files are crawled and indexed by SharePoint on saving. This means that security and governance are fast and efficient. Other computer file storage systems, both local and cloud, require additional indexing for search and find, plus extra processing to intercept files at creation, load and modification to accommodate governance. This slows systems down.

With Office 365 it's all built in.

SharePoint is not an app, it's the platform that much of O365 sits upon. Files in OneDrive for Business and SharePoint are stored as BLOBS (binary large objects) and encrypted with AES keys at rest.

Few apps are necessary for Office 365. Some functionality is disabled in lower price plans, such as Skype, Yammer and Power BI, but there is little need for third party apps.

Compare, if you will, the addition of a database function -
Office 365 -
1. Create a SP list
2. Add fields to suit your needs.
3. Import or enter data.
4. (Optional) If you want a mobile app that enables you to add records, or delete records. Open the list, click the PowerApps button and the app is created in around 30 seconds, and is available on any mobile device registered via control panel, provided the logged in user is authenticated.

G-Suite -
1. The choice of database is very limited. Spreadsheet is usually favoured, but it is single user only. You could use Google Cloud Storage, or you could use Cloud MySQL, both require extensive DB Admin knowledge and the MySQL option stores the data outside of the G-Suite security envelope.
2. Unless you are an experienced DB Admin - get a developer to do it
3. Buy or configure a free app. But, be careful you know where the data will be stored and add security and governance of the DB to your Administrator list.
4. Need I go on?

With Office 365 everything in the suite is contained within the Azure Active Directory security envelope. Sure you can buy apps developed by third parties, but to run them they have to be imported to your domain, the transport of data and data at rest are all within scope of your security policies.
 
Upvote 0
