GAT, GDPR Compliance and G Suite: How GAT+ Keeps You GDPR Complaint

GAT helps you ensure you meet your GDPR obligations

One of the most important aspects of GDPR is to be able to show that your staff and customer data is not carelessly exposed via file sharing or email attachments. In pursuit of this goal regular and scheduled testing of all content and shares should be carried out. GAT+ is designed to meet this obligation. In addition, from time to time it will be necessary for administration or security staff to inspect on-line content which may belong to other staff or customers. It is critical that this be carried out in a structured and approved workflow. GAT Unlock is currently the ONLY solution in the G Suite Marketplace that has such a structured workflow. This ensures that all access to all content is approved by properly appointed Security Officers within the company. Data leakage can occur not only via email and document sharing but also via the browser, using cut and paste, into any other web page the user is logged into on his or her browser. Detecting this dynamic flow of sensitive information is critical to ensuring proper compliance with GDPR. GAT Shield is designed to meet just such a requirement, watching and alerting in real time.

 

GDPR obligations

 

Our well thought out and sophisticated design that pre-dates the GDPR requirements means we have always coded to ensure none or minimal customer content ever has to pass through our architecture.

How GAT ensures it is GDPR compliant

Given its access to all aspects of your G Suite environment, the GAT family of products must themselves respect the GDPR environment for your data. GAT does this in several ways. The only data it collects and stores is your user metadata. This consists of username, company email address, access times, email addresses to and from the user account, email metadata, Google + postings with the domain account, files owned, calendars and appointments in the company domain and other non-specific usage data (such as membership of email groups, OUs, etc.). It does NOT collect any file or email content. It does not transfer any content to its servers for inspection. This is critical, other tools do this for content inspection, GAT+ avoids doing this and can still search content. GAT Shield, which is designed to look in real time for sensitive content, can also search and report on content without that content ever having to pass through our servers. Our well thought out and sophisticated design that pre-dates the GDPR requirements means we have always coded to ensure none or minimal customer content ever has to pass through our architecture. Finally, all idle databases are automatically deleted 30 days after last use and there is no metadata harvesting for future use.

Comments

comments