How do I get the GoBS security that is needed to be in compliance with German law for business applications electronically storing invoices?

[AX Business Solutions AG]

Dear all,

we have developed an bussiness application in the google app engine environement called ax-easy. This application creates invoices in and for Germany and stores them in the google big table. In Germany there is a law called GoBS that regulates the security for storing data that is required for storing invoices. E.g. it says that the data only is allowed to be stored on places withing Europe. What do I have to do - whom do I have to contact - to ensure this. I am a customer for the google app engine that pays. I filled a ticket: #01948076] Wie lautet meine Kunden-PIN? - ich kenne meinen Domain-Namen nicht.. [ref:_00D00VNwG    [ ref:_00D00VNwG._50060HI5vP:ref ] to where I pay the money for the app engine service - but they old me that they don't knwo how to help and don't know how to contact. They told me the google app engine is within an other organization of google and has nothing to do with Google Enterprise Support <esup...@google.com>. I was pretty shocked about this answer and therefore I am asking here for help.

Best regards,

Martin Rupp

www.ax-ag.com

Die Grundsätze ordnungsmäßiger DV-gestützter Buchführungssysteme (GoBS) sind Regeln zur Buchführung mittels Datenverarbeitungssystemen. Sie wurden von der deutschen Finanzverwaltung per Schreiben des Bundesfinanzministeriums vom 28. Juli 1995 ausgegeben und traten an die Stelle der Grundsätze ordnungsmäßiger Speicherbuchführung (GoS) vom 5. Juli 1978 (BMF IV A 7 – S 0316 – 7/78, BStBl. I S. 250).

[Philip Kilner]

Hi Martin,

On 22/02/2012 12:13, AX Business Solutions AG wrote:
> In Germany there is
> a law called GoBS that regulates the security for storing data that is
> required for storing invoices. E.g. it says that the data only is
> allowed to be stored on places withing Europe. What do I have to do -
> whom do I have to contact - to ensure this.
>

I'm in the UK, but the data protection regime is broadly similar here.

The two things you need to know are: -

- Although Google don't say "all of GAE is in Maintain View, CA", they
do say it's all in a "North American Data Centre" - so your data will
certainly be in the USA.

- There is a "Safe Harbour" provision that covers this case, so I
/believe/ (IANAL!) that you will be compliant.

See here: -

http://export.gov/safeharbor/eu/eg_main_018365.asp

...for example.

HTH

--

Regards,

PhilK

'a bell is a cup...until it is struck'

[alex]

As an alternative, you could switch to Google Cloud Storage which allows to put a location constraint on where the data should live (EU or US)

https://developers.google.com/storage/docs/developer-guide#specifyinglocations

-- alex

https://plus.google.com/u/0/114517983826182834234