With the ability to specify a region in which to perform your Cloud Data Loss Prevention (DLP) operations, you can control where your potentially sensitive data is processed. This topic explains the concept of Cloud DLP processing location and shows you how to specify a region.
About regions and multi-regions
A region is a specific geographic place, such as the western United States or northeast Asia. A multi-region location (or just multi-region) is a large geographic area, such as the European Union, that contains two or more geographic regions.
A good location balances latency, availability, and bandwidth costs.
Use a region to help optimize latency and network bandwidth.
Use a multi-region when you want to process data from outside of the Google network and distributed across large geographic areas, or when you want the higher availability that comes with being geo-redundant.
Generally, you should process your data in a location that is convenient or contains the majority of the users of your data.
Specify a region
To specify a region in which Cloud DLP will process your request:
Choose a region when setting up your Cloud DLP operation.
For example, when creating a job trigger, choose a location from the Resource location menu, as shown here:
If data residency is not a concern, use the Global region and Google chooses the location where processing should take place. Global is the default region choice.
Insert region information into the request endpoint URL. If data residency is
not a concern, use the
global region and Google chooses the location where
processing should take place. Note that any resources created by a request that
global region are stored under the
Following are some example requests, sent first to the
global region, and then
to a region for the west coast of the United States.
Global region request:
The following two requests have the same effect. Not including a region is the
same as specifying
To specify a region for processing, within the resource URL, insert
locations/ and then the region name.
When you scan a storage repository such as Cloud Storage or
BigQuery, you should specify the same location in your
Cloud DLP request as the location of the repository you're
scanning. For example, if the BigQuery dataset is in the European
Union multi-region location, specify the European Union multi-region (
when configuring the Cloud DLP job.
If you do not co-locate your Cloud DLP request with the storage repository you're scanning, processing of your request may be split between the location of the data and the location specified in the request.