Google Cloud and common privacy principles

Our data processing agreement for Google Workspace and Google Cloud clearly articulates our privacy commitment to customers. We have evolved these terms over the years based on feedback from our customers and regulators. Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions.

Personnel confidentiality commitments

All Google employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. Google’s Code of Conduct specifically addresses responsibilities and expected behavior with respect to the protection of information.

For full terms see: Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)

Google Group companies directly conduct the majority of data processing activities required to provide the Google Workspace and Google Cloud services. However, we do engage some third-party vendors to assist in supporting these services. Each vendor goes through a rigorous selection process to ensure it has the required technical expertise and can deliver the appropriate level of security and privacy.

We make information available about Google group subprocessors supporting Google Workspace and Google Cloud services, as well as third-party subprocessors involved in those services. 

For a full list of relevant contract terms see:

• Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)
• Definitions | Section 2.1
• Data Security | Section 7.1.2
• Data Security | Section 7.3.1 (b)
• Data Transfers | Section 10
• Subprocessors | Section 11
• Appendix 2.1–2.5
• Related Content: Google Cloud Platform Subprocessors
• Related Content: Google Workspace Subprocessors Agreement

• Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)
• Processing of Data | Section 5.2

• Google Cloud - Google Cloud Terms of Services
• Confidential Information | Section 7
• Data Security | Section 7.1.2
• Data Security | Section 7.5.3
• Personnel Security | Appendix 2.4

Google operates a global infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services, secure and private communication with customers over the Internet, and safe operation by administrators. Google Workspace and Google Cloud run on this infrastructure.

We designed the security of our infrastructure in layers that build upon one another, from the physical security of data centers, to the security protections of our hardware and software, to the processes we use to support operational security. This layered protection creates a strong security foundation for everything we do. A detailed discussion of our Infrastructure Security can be found in our Google infrastructure security design overview whitepaper.

Availability, Integrity and Resilience

Google designs the components of our platform to be highly redundant. Google’s data centers are geographically distributed to minimize the effects of regional disruptions on global products such as natural disasters and local outages. In the event of hardware, software, or network failure, services are automatically and instantly shifted from one facility to another so that operations can continue without interruption. Our highly redundant infrastructure helps customers protect themselves from data loss.

Equipment Testing and Security

Google utilizes barcodes and asset tags to track the status and location of data center equipment from acquisition to installation, retirement, and destruction. If a component fails to pass a performance test at any point during its lifecycle, it is removed from inventory and retired. Google hard drives leverage technologies, such as Full Disk Encryption (FDE) and drive locking, to protect data at rest.

Disaster Recovery Testing

Google conducts disaster recovery testing on an annual basis to provide a coordinated venue for infrastructure and application teams to test communication plans, fail-over scenarios, operational transition, and other emergency responses. All teams that participate in the disaster recovery exercise develop testing plans and post mortems which document the results and lessons learned from the tests.

Encryption

Google uses encryption to protect data in transit and at rest. Google Workspace data in transit between regions is protected using HTTPS, which is activated by default for all users. Google Workspace and Google Cloud services encrypt customer content stored at rest, without any action required from customers, using one or more encryption mechanisms. 

Access Controls

For Google employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by Google’s security policies. Data centers that house Google Cloud systems and infrastructure components are subject to physical access restrictions and equipped with 24 x 7 on-site security personnel, security guards, access badges, biometric identification mechanisms, physical locks and video cameras to monitor the interior and exterior of the facility.

Incident Management

Google has a dedicated security team responsible for security and privacy of customer data and managing security 24 hours a day and 7 days a week worldwide. Individuals from this team receive incident-related notifications and are responsible for helping resolve emergencies 24 x 7. Incident response policies are in place and procedures for resolving critical incidents are documented. Information from these events is used to help prevent future incidents and can be used as examples for information security training. Google incident management processes and response workflows are documented. Google’s incident management processes are tested on a regular basis as part of our ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27001, PCI-DSS, SOC 2 and FedRAMP programs to provide our customers and regulators with independent verification of our security, privacy, and compliance controls. More information on our incident response process can be found in our Data incident response process whitepaper.

Vulnerability Management

We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community and greatly value their help identifying any vulnerabilities in Google Workspace, Google Cloud, and other Google products. Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk.

Product security - Google Workspace: To learn more, please visit https://workspace.google.com/security

Product security - Google Cloud: To learn more, please visit https://cloud.google.com/security/

For full terms, see:

• Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)
• Data Security | Section 7
• Security Measures | Appendix 2
• Related Content: Google security whitepaper

Data Subject's Rights

Data controllers can use the Google Workspace and Google Cloud administrative consoles and services functionality to help access, rectify, restrict the processing of, or delete any data that they and their users put into our systems. This functionality will help them fulfill their obligations to respond to requests from data subjects to exercise their rights under the GDPR.

Data Protection Team

Google has designated a DPO for Google LLC and its subsidiaries, to cover data processing subject to the GDPR, including as part of our Cloud products and services. Kristie Chon Flynn is Google's Data Protection Officer. Kristie Chon Flynn is based in Sunnyvale in the U.S.

Where required, Google Cloud products have designated teams to address customer inquiries in relation to data protection. The way to contact these teams is described in the relevant agreement. For Google Workspace the Cloud Data Protection Team can be contacted by Customer’s administrators at https://support.google.com/a/contact/googlecloud_dpr (while administrators are signed in to their admin account) and/or directly by providing a notice to Google as described in the applicable agreement. For Google Cloud, that team can be contacted at https://support.google.com/cloud/contact/dpo.

Incident Notifications

Google Workspace and Google Cloud have provided contractual commitments around incident notification for many years. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in our current agreements.

For full terms, see:

• Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)
• Impact Assessments and Consultations | Section 8

Administrators can export customer data, via the functionality of the Google Workspace or Google Cloud services (consult Google Cloud documentation for further information), at any time during the term of the agreement. We have included data export commitments in our data processing terms for several years, and will continue to work to enhance our data export capabilities, making it even easier for you to download a copy of your customer data from Google Workspace and Google Cloud services.

You can also delete customer data, using the functionality of the Google Workspace or Google Cloud services, at any time. When Google receives a complete deletion instruction from you (such as when an email you have deleted can no longer be recovered from your “trash”), Google will delete the relevant customer data from all of its systems within a maximum period of 180 days unless retention obligations apply.

For full terms, see:

• Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)
• Data Deletion | Section 6
• Data Subject Rights; Data Export | Section 9.1

Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)

Data Security | Section 7.4

In addition to agreement terms, our customers and regulators expect independent verification of security, privacy, and compliance controls. Google Workspace and Google Cloud undergo several independent third-party audits on a regular basis to provide this assurance.

ISO/IEC 27001 (Information Security Management):

ISO/IEC 27001 is one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO/IEC 27001 certification for the systems, applications, people, technology, processes, and data centers that make up our shared Common Infrastructure as well as for Google Workspace and Google Cloud products. You can access these certificates with Compliance reports manager.

ISO/IEC 27017 (Cloud Security):

ISO/IEC 27017 is an international standard of practice for information security controls based on ISO/IEC 27002, specifically for Cloud Services. Google has been certified compliant with ISO/IEC 27017 for Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.

ISO/IEC 27018 (Cloud Privacy):

ISO/IEC 27018 is an international standard of practice for protection of personally identifiable information (PII) in Public Cloud Services. Google has been certified compliant with ISO/IEC 27018 for Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.

ISO/IEC 27701 (Privacy Information Management):

ISO/IEC 27701 is a global privacy standard that focuses on the collection and processing of personally identifiable information (PII). This standard extends the requirements of ISO/IEC 27001 and ISO/IEC 27002 to include data privacy. We have received accredited ISO/IEC 27701 certification as a PII processor for both Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.

SSAE18/ISAE 3402 (SOC 2/3):

The American Institute of Certified Public Accountants (AICPA) SOC 2 (Service Organization Controls) and SOC 3 audit framework defines Trust Principles and criteria for security, availability, processing integrity, and confidentiality. Google has both SOC 2 and SOC 3 reports for Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.