This topic provides information about Cloud Data Loss Prevention (DLP) and data security, including certifications, compliance (including GDPR), and encryption. For additional information about data security and Google Cloud Platform, see Google Cloud Platform Security.
Cloud DLP is listed in the following certifications and documents:
- ISO/IEC 27001
- ISO/IEC 27017:2015
- ISO/IEC 27018:2014
- Payment Card Industry Data Security Standard (PCI DSS)
- HIPAA business associate agreement (BAA)
- Multi-Tier Cloud Security (MTCS) Singapore Standard (SS) 584
For more, see Standards, regulations & certifications.
Compliance with the European Union General Data Protection Regulation (GDPR) is a top priority for Google Cloud and our customers.
While Cloud DLP offers several built-in infoType detectors that may be applicable to GDPR compliance, you may need to build your own custom infoType detectors, and should test thoroughly to ensure that the tool fits your specific needs.
You are encouraged to read the Google Cloud and GDPR overview to learn more about the available resources for GDPR compliance with Google Cloud.
For information about encryption in transit and GCP services, see Encryption in Transit in Google Cloud Platform.
For information about encryption at rest and GCP services, see Encryption at Rest in Google Cloud Platform.
For information about the security measures in place for Google's Cloud Services, please see the Google Cloud Platform Security page.