There is no mandate which says governors must have school email addresses - although many schools do provide one for governors.
The balance any school needs to strike is between ease-of-use for the governors and information security. As GovernorHub is a secure system, governors and schools can use any email address to login although we do recommend making sure it's one they access regularly (communications to governors are often time critical).
One of the key benefits of using GovernorHub is that you never need to send documents as email attachments. All of your documents are kept securely in the encrypted GovernorHub database and the email notifications only contain links to the documents, which will only work for authorised users on the board. Therefore as long as you refrain from putting personal data in the body text of the noticeboard posts, then it doesn't matter what email addresses the governors and headteacher are using, because they are not receiving emails which contain personal data.
We always argue that if a board is using GovernorHub then the GDPR benefits of using school-specific email addresses are minimal. GovernorHub removes the need to send any email attachments (school email addresses don't stop you sending attachments) and GovernorHub security remains strong no matter where the email notifications end up (most school email addresses don't stop governors from forwarding their school emails to their personal email accounts - which eliminates all the security benefits of a school address). The GovernorHub noticeboard provides an audit trail of communications and the document store provides an encrypted database of all board documents so there are not multiple copies in circulation.
Finally, school email addresses are just another thing for Governors to remember. They require a different email address and usually a different password which is subject to a complicated protocol (eg. min 8 characters including a number and symbol, must be changed every 12 weeks etc). This makes it much more likely that the password will be written down or stored somewhere, which increases vulnerability.