We help make Google Workspace safer for everyone.


One of the most important aspects of GDPR is to be able to show that your staff and customer data is not carelessly exposed via file sharing or email attachments. In pursuit of this goal, regular and scheduled testing of all content and shares should be carried out.

  • Access Control
  • Data Mapping
  • Incident Management
  • PIA
  • Policy Management
  • Risk Management
  • Sensitive Data Identification
  • DPIA
GAT GDPR Compliance and Google Workspace 1

How GAT differs from its competitors in GDPR compliance.

GAT has several key differentiators that make it the most suitable tool for GDPR compliance testing and enforcement in the Google Workspace marketplace. Our competitors in this space lack these key features.

  • Proper workflow to ensure only approved access to sensitive content

  • Real-time monitoring of all sensitive information being typed, copied or pasted

  • Covers all Chrome browser-based activity

  • No sensitive content ever has to pass through our servers

  • Report on file loss via email attachment

  • Designed to compliment Google Workspace DLP

Does the GDPR require processing of personal data in the EU?

No. Like the 95/46/EC Directive on Data Protection, the GDPR sets forth certain conditions for the transfer of personal data outside of the EU. Such conditions can be met via mechanisms such as model contract clauses. Given its access to all aspects of your Google Workspace environment, the GAT Suite must themselves respect the GDPR environment for your data.

Click here to know more
GAT GDPR Compliance and Google Workspace 5

How does GAT ensure it is GDPR compliant?

Given its access to all aspects of your Google Workspace environment, the GAT Suite itself must respect the GDPR environment for your data.

GAT does this in several ways. The only data it collects and stores is your user metadata. This consists of username, company email address, access times, email addresses to and from the user account, email metadata, Google + postings with the domain account, files owned, calendars and appointments in the company domain, and other non-specific usage data (such as membership of email groups, OUs, etc.).

It does NOT collect any file or email content. It does not transfer any content to its servers for inspection. This is critical – other tools do this for content inspection, while GAT+ avoids doing this and can still search content. GAT Shield, which is designed to look in real-time for sensitive content, can also search and report on content without that content ever having to pass through our servers.

Our well thought out and sophisticated design that pre-dates the GDPR requirements means we have always coded to ensure no or minimal customer content ever has to pass through our architecture. Finally, all idle databases are automatically deleted 30 days after last use and there is no metadata harvesting for future use.

Third Party Risk Assessment

Would you like to know more?

Book a Live Demo
Request a Fresh Trial