GDPR stands for General Data Protection Regulation. The GDPR went into effect on May 25, 2018 and is the root of Europe’s digital privacy legislation. It lays out specific requirements for businesses and organizations that are established in Europe or that serve users in Europe. The GDPR regulates how businesses can collect, use, and store personal data. If you are a G Suite user and have a business in Europe or serve European customers, it is important to know whether G Suite is GDPR compliant.
According to Google, keeping user information safe, secure, and private is one of their highest priorities.
Google reports that they have worked closely over the years with data protection authorities around the world. As a result, they have put into place strong privacy protections reflective of their guidance.
The GDPR aims to reinforce personal data protection in Europe. It also impacts businesses worldwide.
With many organizations that use Google’s G Suite being impacted by the GDPR, the question of whether or not G Suite is GDPR compliant is important.
So, Is G Suite GDPR Compliant?
The answer to that question is yes, G Suite is GDPR compliant. However, users have a responsibility in the establishment and maintenance of that compliance, and I’ll get into that in this article.
Why is it important for G Suite to be GDPR compliant?
GDPR compliance is important to protect sensitive personal data. Organizations are required to be GDPR compliant if they are established in Europe. Businesses in America or elsewhere that serve users in Europe are similarly bound. Those that do not comply can face authorized fines, and those fines can quickly add up and be substantial.
In short, it’s important to protect your company from fines and lawsuits by ensuring that you are GDPR compliant.
Steps to Make G Suite GDPR compliant
To meet the requirements of the GDPR, G Suite offers customers the Data Processing Amendment and model contract clauses.
Users must accept these amendments in order to be GDPR compliant when using G Suite.
Below are the directions to accept the amendments:
How to Review and Accept the Data Processing Amendment in G Suite
- Sign in to your Google Admin console and make sure you use an account with super administrator privileges.
- From the Admin console home page, go to Company profile > Legal & compliance.
- To see Legal & compliance, you might have to click Show more at the bottom.
- The place where you’ll review and accept the data processing amendment can be found in the Security and Privacy Additional Terms. You’ll see this alongside the Data Processing Amendment to G Suite Agreement. You just have to click “Review and Accept.”
- Ensure that you or the appropriate individuals within your organization review the DPA 2.1 (or later version).
- Click I Accept.
How to Review and Accept Model Contract Clauses in G Suite
- Sign in to your Google Admin console. Again you’ll want to use a G Suite account that has super administrator privileges.
- From the Admin console Home page, go to Company profile > Legal & compliance.
- You may have to click “Show More” at the bottom of the page to view this.
- You’ll click “Review and Accept” in the Security and Privacy Additional Terms. Choose from the EU Model Contract Clauses for G Suite or the EU Model Contract Clauses for Cloud Identity.
- Ensure that you or an appropriate person within your organization reviews the contract clauses.
- Click I Accept.
What is Google’s Data Processing Agreement?
Google’s Data Processing Agreement establishes Google as a processor of the personal data that is submitted, stored, sent, or received via G Suite services.
Under the agreement, the customer generally serves as the controller of such personal data, which means that the customer determines the purposes and means of processing that data. By acting as a processor, Google processes such data on the customer’s behalf and under the customer’s instructions.
The G Suite Data Processing Agreement articulates Google’s privacy commitment to its customers.
Over the years, the terms of this agreement have evolved based on regulator and customer feedback.
Google continues to monitor the evolution of international data transfer mechanisms under GDPR. This ensures data transfer compliance with applicable data protection laws.
Services Covered Under the G Suite Data Processing Agreement
The G Suite Core Services are governed by the G Suite Terms of Service and are in the scope of the G Suite DPA.
You can find the list of G Suite Core Services here.
G Suite Core Services can be configured to assist in making sure your organization’s data is secured, used, and accessed according to the requirements unique to your organization.
Google suggests seeking advice from your legal, compliance, and security teams to determine which configurations are the most appropriate for your organization.