Is Google Docs capable of GDPR compliance?
537 views
Skip to first unread message
Kieran Kelly
Mar 16, 2018, 11:55:08 AM3/16/18
to EU DPD-GDPR Legal Compliance
Is Google Docs GDPR compatible/compliant? i.e if account is created in EU are docs stored only in EU. All my research so far indicate that only G Suite is compatible.
Paolo Guarda
Apr 9, 2018, 3:30:18 AM4/9/18
to EU DPD-GDPR Legal Compliance
Hi, actually to provide a trusting answer we should analyse in details the service (as far as it would be possible). From a general point of view the services provided by Google should/shall be compliant with GDPR since art. 3, par. 2 of GDPR (Territorial scope) states that : "This Regulation applies to the processing of
personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities
are related to: a) the offering of goods or services,
irrespective of whether a payment of the data subject is required, to
such data subjects in the Union; or b) the monitoring of their behaviour as far as their behaviour takes place within the Union".
As regarding to the localization of the servers, actually it is not essential question. obviously it is preferable that the server is located within the EU. if this is not the case, the necessary thing is that the processing is compliant with the provisions established by chapter V /(Transfers of personal data to third countries or international organisation) artt. 44 ff of GDPR.
Obviously then it is up to the kind of data we are going to store and then the assessment that data controller could possibly provide for (ie if you take into consideration health data, I carefully consider the fact that these are saved extra EU and then I would prefer European servers).
More generally we should discuss how much Google has this problem at heart of its business (the analysis can reach up to a certain point on our part). And so the advice is to choose services truly profiled with the kind of processing we want to put in place.
I hope I have added some useful elements.
As regarding to the localization of the servers, actually it is not essential question. obviously it is preferable that the server is located within the EU. if this is not the case, the necessary thing is that the processing is compliant with the provisions established by chapter V /(Transfers of personal data to third countries or international organisation) artt. 44 ff of GDPR.
Obviously then it is up to the kind of data we are going to store and then the assessment that data controller could possibly provide for (ie if you take into consideration health data, I carefully consider the fact that these are saved extra EU and then I would prefer European servers).
More generally we should discuss how much Google has this problem at heart of its business (the analysis can reach up to a certain point on our part). And so the advice is to choose services truly profiled with the kind of processing we want to put in place.
I hope I have added some useful elements.
Reply all
Reply to author
Forward
0 new messages