A client comes to me — hairdresser, ten years in business, knows how to run the shop well. I ask her about her business email.
"Gmail. It works, right?"
Yes, it works. To send a message. But when I ask what she does when she needs to send something important, the answer is WhatsApp. Or worse: important documents via PEC to a normal Gmail address.
She thinks she's safe. She doesn't even realize she's making three serious mistakes at once.
Another client bragged about having endless email lists. True. But when I dig into how he acquired them, I discover they were collected on the company domain without respecting any privacy regulations. When I explain the risk — fines, GDPR, personal liability — the automatic response is: "But come on, they're not going to come after me".
Until I make him understand that the wallet is what speaks. The fines aren't a legend.
Then there's the dentist. Structured, everything correct on paper. He's had a NAS in the office for years. Doesn't know what it's for. He has "cloud" backup but has no idea where the data lives. American servers? European? Who can access it? What does it mean for GDPR?
He reads "backup and cloud" like magic words that protect him.
The Real Problem Behind All These Cases
Behind these three cases is always the same problem: nobody really knows what they're doing with their email.
You use it like it's an app for sending messages. Period. You don't think about where your data lives, who can access it, what happens if the provider decides they don't want you anymore, what legal obligations you have when you communicate, where your backups are. You don't think about any of it.
And then when I try to explain that the solution is having your own domain, people only start to understand when I tell it to them like this:
"Your business email is like the house you live in. Right now you're using someone else's apartment. If Gmail decides they don't like you anymore, they kick you out. Your data stays there. You can't move it easily. You're in their hands."
The reaction is always the same: "Ah. Ok."
It's not complicated. It's just that nobody had ever explained it to them that way.
Your own domain is your digital house. It doesn't mean building a condo. It doesn't mean having a website. It means having your own address — info@yourshop.com — where you control what happens.
From there on, everything else becomes logical.
The Awareness That Changes Everything
When you explain to the barber that his email needs to be in Europe, not America, he understands why. When you tell the dentist he has sensitive data (patients, diagnoses) and so local backup isn't optional, he understands. When you tell the email list client that there are rules and when you communicate you're bound by security and privacy obligations, he stops resisting.
People don't resist technology. They resist not understanding why they should do it.
The barber uses Gmail because he thinks it works. When he finds out it works for sending messages but not for protecting his business, he changes his mind on his own.
The list client understands it's not "theoretical GDPR" — it's that in six months a communication could arrive that costs him dearly. Then the theoretical becomes concrete.
The dentist understands that local backup isn't tech paranoia — it's that if patient data is in America without protection, he's personally responsible.
The Truth About PEC
On PEC — everyone uses it for "security". They send it when they want it to arrive "for real".
Here's the truth: PEC certifies that a communication was sent and received. Period. It doesn't make the content "legal" or "appropriate".
If you write something stupid and send it by PEC, it's still stupid. Only now it's certified.
Would you ever send insults by registered mail? Since you're writing them in an email? If you wouldn't send them certified, don't write them in email either.
You use it when you have a formal communication with legal value. A notice, a termination, an official complaint. When the law explicitly requires it. Not for "general security".
For normal communications with clients, for internal coordination, for messages you want to arrive safely — a normal email from your own domain with decent backup is enough.
Where Your Data Lives
What you don't see is where your data lives.
The dentist didn't even know where his backups were. When I explained that if they live in America he has additional GDPR obligations, and if they live in Europe it's automatically compliant — he understood it wasn't paranoia. It was legal compliance.
Simple rule: where your data lives is where you must respect the laws. Data in Europe means GDPR directly applies. Data outside Europe means complex agreements that are often non-compliant.
For a small business, a company that wants peace of mind? Always Europe.
The Next Step
And so when the barber understands that his domain is his digital house — not optional, not something "maybe I'll do someday" — things change.
When the list client understands it's not a moral warning but something that costs money — it changes.
When the dentist understands that local backup isn't an added cost but a legal necessity — he implements it.
It's not marketing. It's not fear. It's awareness of what you're using and why.
It's probably already happening to you. You use business email on Gmail, send important things via WhatsApp, don't know where your backups are, think "cloud" is magic armor, believe PEC solves everything.
None of these is a mortal sin.
But when the moment comes — and it always does — where you have to answer the question "where is my data, who has access, when do I delete it" — if you can't answer because you just use Gmail, the problem becomes serious.
The solution isn't complicated.
It's a domain. A professional email. A backup.
Monday morning, start there.
If You Don't Know Where To Start
If you don't know where to start. If you don't have time. If you're afraid of getting it wrong — it's legitimate. Or you simply want to verify that everything is in order.
That's how I work. Small steps, trust relationship, no rushing.
Contact me