How does GAT ensure it is GDPR compliant?
Given its access to all aspects of your Google Workspace environment, the GAT Suite itself must respect the GDPR environment for your data.
GAT does this in several ways. The only data it collects and stores is your user metadata. This consists of username, company email address, access times, email addresses to and from the user account, email metadata, Google + postings with the domain account, files owned, calendars and appointments in the company domain, and other non-specific usage data (such as membership of email groups, OUs, etc.).
It does NOT collect any file or email content. It does not transfer any content to its servers for inspection. This is critical – other tools do this for content inspection, while GAT+ avoids doing this and can still search content. GAT Shield, which is designed to look in real-time for sensitive content, can also search and report on content without that content ever having to pass through our servers.
Our well thought out and sophisticated design that pre-dates the GDPR requirements means we have always coded to ensure no or minimal customer content ever has to pass through our architecture. Finally, all idle databases are automatically deleted 30 days after last use and there is no metadata harvesting for future use.