For additional resources refer to Google Cloud's Privacy Resource Center

Google Cloud & the General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a privacy legislation that replaced the 95/46/EC Directive on Data Protection of 24 October 1995 on May 25, 2018. GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It:

  • Regulates how businesses can collect, use, and store personal data
  • Builds upon current documentation and reporting requirements to increase accountability
  • Authorizes fines on businesses who fail to meet its requirements

At Google Cloud, we champion initiatives that prioritize and improve the security and privacy of customer personal data, and want you, as a Google Cloud customer, to feel confident using our services in light of GDPR requirements. If you partner with Google Cloud, we will support your GDPR compliance efforts by:

  1. Committing in our contracts to comply with the GDPR in relation to our processing of customer personal data in all Google Cloud Platform and Google Workspace services
  2. Offering additional security features that may help you to better protect the personal data that is most sensitive
  3. Giving you the documentation and resources to assist you in your privacy assessment of our services
  4. Continuing to evolve our capabilities as the regulatory landscape changes

Google Workspace & Google Cloud Platform Commitments to the GDPR

Data controllers must use data processors with appropriate technical and organisational measures. When conducting your GDPR assessment of Google Cloud consider the following:

Assessing Google Cloud based on Article 28

Article 28 of the GDPR lays out the requirements of a data processor who processes data on behalf of the data controller. See how our terms reflect these requirements.

FAQ

Answers to Frequently Asked Questions about Google Cloud and GDPR