Google Cloud & the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a privacy legislation that replaced the 95/46/EC Directive on Data Protection of 24 October 1995 on May 25, 2018. GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It:
- Regulates how businesses can collect, use, and store personal data
- Builds upon current documentation and reporting requirements to increase accountability
- Authorizes fines on businesses who fail to meet its requirements
At Google Cloud, we champion initiatives that prioritize and improve the security and privacy of customer personal data, and want you, as a Google Cloud customer, to feel confident using our services in light of GDPR requirements. If you partner with Google Cloud, we will support your GDPR compliance efforts by:
- Committing in our contracts to comply with the GDPR in relation to our processing of customer personal data in all Google Cloud and Google Workspace services
- Offering additional security features that may help you to better protect the personal data that is most sensitive
- Giving you the documentation and resources to assist you in your privacy assessment of our services
- Continuing to evolve our capabilities as the regulatory landscape changes
Google Workspace & Google Cloud Commitments to the GDPR
Data controllers must use data processors with appropriate technical and organisational measures. When conducting your GDPR assessment of Google Cloud consider the following:
EXPERT KNOWLEDGE, RELIABILITY & RESOURCES
Data Protection Expertise Google employs security and privacy
professionals that include some of the
world’s foremost experts in information,
application, and network security. This
expert team is tasked with maintaining the
company’s defense systems, developing
security review processes, building
stronger security infrastructure, and
precisely implementing Google’s security
policies. Google also employs an extensive team of
lawyers, regulatory compliance experts,
and public policy specialists who look
after privacy and security compliance for
Google Cloud. These teams work with customers, industry
stakeholders, and supervisory authorities
to ensure our Google Workspace and Google
Cloud services can help customers meet
their compliance needs.
DATA PROTECTION COMMITMENTS
Data Processing Agreements Our data processing agreements
for Google Workspace and Google Cloud clearly
articulate our privacy commitment to
customers. We have evolved these terms
over the years based on feedback from our
customers and regulators. We specifically updated these terms to
reflect the GDPR, and, to facilitate our
customers' compliance assessment and GDPR
readiness when using Google Cloud
services. Learn more about
the Google Workspace Data Processing Amendment,
the Google Workspace EU Standard Contract Clauses,
the
Google Cloud Data Processing and Security Terms,
and the
Google Cloud EU Standard Contract Clauses (SCCs).
Our customers can enter into these
updated data processing terms via the opt
in process described for
the Google Workspace Data Processing Amendment
and the
Google Cloud Data Processing and Security Terms.
Processing According to Instructions Any data that a customer and its users
put into our systems will only be
processed in accordance with the
customer’s instructions, as described in
our GDPR-updated data processing
agreements. Personnel Confidentiality Commitments All Google employees are required to sign
a confidentiality agreement and complete
mandatory confidentiality and privacy
trainings, as well as our Code of Conduct
training. Google’s Code of Conduct
specifically addresses responsibilities
and expected behavior with respect to the
protection of information.
USE OF SUBPROCESSORS
Google Group companies directly conduct
the majority of data processing activities
required to provide the Google Workspace
and Google Cloud services. However, we do
engage some third-party vendors to assist
in supporting these services. Each vendor
goes through a rigorous selection process
to ensure it has the required technical
expertise and can deliver the appropriate
level of security and privacy. We make information available about
Google group subprocessors
supporting Google Workspace and Google Cloud
services, as well as third-party
subprocessors involved in those services.
See here for
Google Workspace subprocessor details,
and here
for Google Cloud subprocessor details. We
also include commitments relating to
subprocessors in our data processing
agreements.
SECURITY OF THE SERVICES
According to the GDPR, appropriate
technical and organisational measures
shall be implemented to ensure a level of
security appropriate to the risk. Google operates a global infrastructure
designed to provide state-of-the-art
security through the entire information
processing lifecycle. This infrastructure
is built to provide secure deployment of
services, secure storage of data with
end-user privacy safeguards, secure
communications between services, secure
and private communication with customers
over the Internet, and safe operation by
administrators. Google Workspace and
Google Cloud run on this infrastructure.
We designed the security of our
infrastructure in layers that build upon
one another, from the physical security of
data centers, to the security protections
of our hardware and software, to the
processes we use to support operational
security. This layered protection creates
a strong security foundation for
everything we do. A detailed discussion of
our Infrastructure Security can be found
in
Google Infrastructure Security Design Overview Whitepaper.
Availability, Integrity &
Resilience Google designs the components of our
platform to be highly redundant. Google’s
data centers are geographically
distributed to minimize the effects of
regional disruptions on global products
such as natural disasters and local
outages. In the event of hardware,
software, or network failure, services are
automatically and instantly shifted from
one facility to another so that operations
can continue without interruption. Our
highly redundant infrastructure helps
customers protect themselves from data
loss. Equipment Testing and Security
Google utilizes barcodes and asset tags
to track the status and location of data
center equipment from acquisition to
installation, retirement, and destruction.
If a component fails to pass a performance
test at any point during its lifecycle, it
is removed from inventory and retired.
Google hard drives leverage technologies,
such as Full Disk Encryption (FDE) and
drive locking, to protect data at rest.
Disaster Recovery Testing Google conducts disaster recovery testing
on an annual basis to provide a
coordinated venue for infrastructure and
application teams to test communication
plans, fail-over scenarios, operational
transition, and other emergency responses.
All teams that participate in the disaster
recovery exercise develop testing plans
and post mortems which document the
results and lessons learned from the
tests. Encryption Google uses encryption to protect data in
transit and at rest. Google Workspace data
in transit between regions is protected
using HTTPS, which is activated by default
for all users. Google Workspace and Google
Cloud services encrypt customer content
stored at rest, without any action
required from customers, using one or more
encryption mechanisms. A detailed
discussion of how we encrypt data can be
found in these resources:
Workspace Encryption Whitepaper,
and Google Cloud Encryption
in transit
and
at rest.
Access Controls For Google employees, access rights and
levels are based on job function and role,
using the concepts of least-privilege and
need-to-know to match access privileges to
defined responsibilities. Requests for
additional access follow a formal process
that involves a request and an approval
from a data or system owner, manager, or
other executives, as dictated by Google’s
security policies. Data centers that house
Google Cloud systems and infrastructure
components are subject to physical access
restrictions and equipped with 24 x 7
on-site security personnel, security
guards, access badges, biometric
identification mechanisms, physical locks
and video cameras to monitor the interior
and exterior of the facility. Incident Management Google has a dedicated security team
responsible for security and privacy of
customer data and managing security 24
hours a day and 7 days a week worldwide.
Individuals from this team receive
incident-related notifications and are
responsible for helping resolve
emergencies 24 x 7. Incident response
policies are in place and procedures for
resolving critical incidents are
documented. Information from these events
is used to help prevent future incidents
and can be used as examples for
information security training. Google
incident management processes and response
workflows are documented. Google’s
incident management processes are tested
on a regular basis as part of our ISO/IEC
27017, ISO/IEC 27018, ISO/IEC 27001,
PCI-DSS1,
SOC 2 and FedRAMP programs to provide our
customers and regulators with independent
verification of our security, privacy, and
compliance controls. More information on
our incident response process can be found
in
our Data incident response process whitepaper.
Vulnerability Management We scan for software vulnerabilities
using a combination of commercially
available and purpose-built in-house
tools, intensive automated and manual
penetration testing, quality assurance
processes, software security reviews, and
external audits. We also rely on the
broader security research community and
greatly value their help identifying any
vulnerabilities in Google Workspace,
Google Cloud, and other Google products.
Our Vulnerability Reward Program
encourages researchers to report design
and implementation issues that may put
customer data at risk. Product Security: Google
Workspace Google Workspace customers can leverage
product features and configurations to
further protect personal data against
unauthorised or unlawful processing:
Google Workspace Core Services,
including Gmail, Google Admin Console,
Calendar, Drive, Docs, Keep, Sites,
Jamboard, Hangouts, Chat, Meet, Cloud
Search and Google Groups offer
configurable settings to help ensure that
your organization’s data is secured, used,
and accessed according to your unique
requirements.
2-step verification reduces
the risk of unauthorized access by asking
users for additional proof of identity
when signing
in. Security key enforcement offers
another layer of security for user
accounts by requiring a physical
key. The Advanced Protection Program is
our strongest protection for users at risk
of targeted online attacks.
Suspicious Login Monitoring detects
suspicious logins using robust machine
learning capabilities.
Enhanced email security requires
email messages to be signed and encrypted
using Secure/Multipurpose Internet Mail
Extensions (S/MIME).
Encryption:
Google Workspace customers' data is
encrypted when it's on a disk, stored on
backup media, moving over the Internet, or
traveling between data centers.
Data loss prevention protects
sensitive information within Gmail and
Drive from unauthorized sharing.
Advanced phishing and malware protection protects
against suspicious attachments and scripts
from untrusted senders, as well as
malicious links and images.
Information rights management
in Drive allows you to disable
downloading, printing, and copying of
files from the advanced sharing menu, and
to set expiration dates on file access.
Endpoint management offers
continuous system monitoring and alerts in
case of suspicious device activity.
Alert Center is
a place to view essential notifications,
alerts, and actions across Google
Workspace. Insights around these potential
alerts can help administrators assess
their organization's exposure to security
issues.
Security Center brings
together security analytics, best practice
recommendations and integrated remediation
to protect your organization’s data,
devices and users. It provides you with
visibility into external file sharing,
spam and malware targeting users within
your organization, and integrated
remediation via the investigation tool.
Context-aware access can
enforce granular access controls on Google
Workspace apps, based on a user’s identity
and context of the request.
Google Vault lets
you retain, archive, search, and export
your organization's email, Google Drive
file content and on-the-record chats for
your eDiscovery and compliance needs.
App access control governs
access to Google Workspace services using
OAuth 2.0. Organizations can control which
third-party and internal apps can access
Google Workspace data, and find more
details about any third-party apps already
in
use.Data Regions
lets you store your covered data in a
specific geographic location by using a
data region policy.
Access Transparency lets
you review logs of actions taken by Google
staff when accessing user content. To learn more, please
visit https://workspace.google.com/security
Product Security: Google Cloud
Google Cloud customers can leverage
product features and configurations to
further protect personal data against
unauthorised or unlawful processing:
Encryption in transit between regions
is applied by default on Google Cloud to
encrypt requests before transmission and
to protect the raw data using the
Transport Layer Security (TLS) protocol.
Once data is transferred to Google Cloud
to be stored, Google Cloud applies
encryption at rest by
default.2-step verification reduces
the risk of unauthorized access by asking
users for additional proof of identity
when signing
in. Security key enforcement offers
another layer of security for user
accounts by requiring a physical
key.Cloud Identity and Access Management (Cloud IAM)
allows you to create and manage
fine-grained access and modification
permissions for Google Cloud
resources.Data Loss Prevention API helps
to identify and monitor the processing of
special categories of personal data in
order to implement adequate
controls.Cloud Logging and Cloud Monitoring
integrate logging, monitoring, alerting,
and anomaly detection systems into Google
Cloud.
Cloud Identity-Aware Proxy
(Cloud IAP) controls access to cloud
applications running on Google Cloud.
Cloud Security Scanner scans
for and detects common vulnerabilities in
Google App Engine
applications.VPC Service Controls provide
perimeter protection for services that
store highly sensitive data to enable
service-level data
segmentation.Cloud KMS and HSM allow
for management of encryption keys and
cryptographic operations from within a
cluster of FIPS 140-2 Level 3 certified
Hardware Security Modules (HSMs). KMS
allows customers to use Google-managed or
customer-managed encryption keys as
required to fulfill compliance
requirements.Cloud Security Command Center allows
customers to view and monitor an inventory
of their cloud assets, scan storage
systems for sensitive data, detect common
web vulnerabilities, and review access
rights to their critical resources from a
single, centralized
dashboard.Access Approval
requires Google administrators to seek
explicit customer approval before Google
can access data. It works by sending
customers an email and/or Cloud Pub/Sub
message with an access request that the
customer is able to approve. Using the
information in the message, customers can
use the Google Cloud console or the Access
Approval API to approve the access. To learn more, please
visit https://cloud.google.com/security/
1 For Google Cloud only.
DATA RETENTION & DELETION
Administrators can export customer data,
via the functionality of
the Google Workspace
or Google Cloud services (consult
Google Cloud documentation for
further information), at any time during
the term of the agreement. We have
included data export commitments in our
data processing terms for several years,
and will continue to work to enhance our
data export capabilities, making it even
easier for you to download a copy of your
customer data
from Google Workspace
and Google Cloud services. You can also delete customer data, via
the functionality of the Google Workspace
or Google Cloud services, at any time.
When Google receives a complete deletion
instruction from you (such as when an
email you have deleted can no longer be
recovered from your “trash”), Google will
delete the relevant customer data from all
of its systems within a maximum period of
180 days unless retention obligations
apply.
ASSISTANCE TO THE CONTROLLER
Data Subject's Rights Data controllers can use the Google
Workspace and Google Cloud administrative
consoles and services functionality to
help access, rectify, restrict the
processing of, or delete any data that
they and their users put into our systems.
This functionality will help them fulfill
their obligations to respond to requests
from data subjects to exercise their
rights under the GDPR. Data Protection Team Google has designated a DPO for Google
LLC and its subsidiaries, to cover data
processing subject to the GDPR, including
as part of our Cloud products and
services. Emil Ochotta is Google's Data
Protection Officer. Dr. Ochotta is based
in Sunnyvale in the U.S. Where required, Google Cloud products
have designated teams to address customer
inquiries in relation to data protection.
The way to contact these teams is
described in the relevant agreement. For
Google Workspace the Cloud Data Protection
Team can be contacted by Customer’s
administrators
at https://support.google.com/a/contact/googlecloud_dpr
(while administrators are signed in to
their admin account) and/or directly by
providing a notice to Google as described
in the applicable agreement. For Google
Cloud, that team can be contacted at
https://support.google.com/cloud/contact/dpo.
Incident Notifications Google Workspace and Google Cloud have
provided contractual commitments around
incident notification for many years. We
will continue to promptly inform you of
incidents involving your customer data in
line with the data incident terms in our
current agreements.
INTERNATIONAL DATA TRANSFERS
The GDPR provides for several mechanisms
to facilitate transfers of personal data
outside of the EU. These mechanisms are
aimed at confirming an adequate level of
protection or ensuring the implementation
of appropriate safeguards when personal
data is transferred to a third country.
An adequate level of protection can be
confirmed by adequacy decisions such as
the ones that support the Japanese Act on
the Protection of Personal Information
(APPI) and the Swiss Data Protection Act.
Where personal data will be transferred
outside of the EU to third countries not
covered by adequacy decisions, we commit
under our data processing agreements to
maintain a mechanism that will facilitate
these transfers as required by the GDPR.
In 2017, we gained confirmation of
compliance from European Data Protection
Authorities for our standard contract
clauses, affirming that our contractual
commitments for Google Workspace and
Google Cloud met the requirements to
legally frame transfers of personal data
from the EU to the third countries that do
not provide adequate protection.
STANDARDS & CERTIFICATIONS
Our customers and regulators expect
independent verification of security,
privacy, and compliance controls. Google
Workspace and Google Cloud undergo several
independent third-party audits on a
regular basis to provide this assurance.
ISO/IEC 27001 (Information
Security Management) ISO/IEC 27001 is one of the most widely
recognized, internationally accepted
independent security standards. Google has
earned ISO/IEC 27001 certification for the
systems, applications, people, technology,
processes, and data centers that make up
our
shared Common Infrastructure
as well as for Google Workspace and Google
Cloud products. You can access these
certificates via
Compliance reports manager.
ISO/IEC 27017 (Cloud
Security) ISO/IEC 27017 is an international
standard of practice for information
security controls based on ISO/IEC 27002,
specifically for Cloud Services. Google
has been certified compliant with ISO/IEC
27017 for Google Workspace and Google
Cloud. You can access these certificates
via
Compliance reports manager.
ISO/IEC 27018 (Cloud
Privacy) ISO/IEC 27018 is an international
standard of practice for protection of
personally identifiable information (PII)
in Public Cloud Services. Google has been
certified compliant with ISO/IEC 27018 for
Google Workspace and Google Cloud. You can
access these certificates via
Compliance reports manager.
ISO/IEC 27701 (Privacy
Information Management) ISO/IEC 27701 is a global privacy
standard that focuses on the collection
and processing of personally identifiable
information (PII). This standard extends
the requirements of ISO/IEC 27001 and
ISO/IEC 27002 to include data privacy. We
have received accredited ISO/IEC 27701
certification as a PII processor for both
Google Workspace and Google Cloud. You can
access these certificates via
Compliance reports manager.
SSAE18/ISAE 3402 (SOC 2/3)
The American Institute of Certified
Public Accountants (AICPA) SOC 2 (Service
Organization Controls) and SOC 3 audit
framework defines Trust Principles and
criteria for security, availability,
processing integrity, and confidentiality.
Google has both SOC 2 and SOC 3 reports
for Google Workspace and Google Cloud. You
can access these certificates via
Compliance reports manager.
Assessing Google Cloud based on Article 28
Article 28 of the GDPR lays out the requirements of a
data processor who processes data on behalf of the data
controller. See how our terms reflect these
requirements.
Use of Subprocessors
Google Cloud - Data Processing and
Security Terms (DPST) Definitions |
Section 2.1
Data Security |
Section 7.1.2
Data Security |
Section 7.3.1 (b)
Data Transfers |
Section 10.1
Subprocessors |
Section 11
Third-Party Beneficiary |
Section 14
Google Cloud - EU Standard Contract
Clauses (SCC)
SCCs (EU Controller-to-Processor)
| Annex II, Annex III
SCCs (EU Processor-to-Controller)
| N/A
SCCs (EU Processor-to-Processor)
| Annex II, Annex III
SCCs (EU Processor-to-Processor, Google Exporter)
| Annex II, Annex III
SCCs (UK Controller-to-Processor)
| Clause 1, Clause 3.3, Clause 4 (g) and
(i), Clause 5 (i) and (j), Clause 6,
Clause 8, Clause 11, Clause 12, Appendix
1, Appendix 2.5 Related content:
Google Cloud Subprocessors
GOOGLE WORKSPACE - Data Processing
Terms Definitions |
Section 2.1
Data Security |
Section 7.1.2
Data Security |
Section 7.3.1 (b)
Data Transfers |
Section 10.1
Subprocessors |
Section 11
Third-Party Beneficiary |
Section 14
Security Measures |
Appendix 2.1–2.5
GOOGLE WORKSPACE - EU Standard
Contract Clauses (SCC)
SCCs (EU Controller-to-Processor)
| Annex II, Annex III
SCCs (EU Processor-to-Controller)
| N/A
SCCs (EU Processor-to-Processor)
| Annex II, Annex III
SCCs (EU Processor-to-Processor, Google Exporter)
| Annex II, Annex III
SCCs (UK Controller-to-Processor)
| Clause 1, Clause 3.3, Clause 4 (g) and
(i), Clause 5 (i) and (j), Clause 6,
Clause 8, Clause 11, Clause 12, Appendix
1, Appendix 2.5 Related content:
Google Workspace Subprocessors Agreement
General Written Contract
Google Cloud - Data Processing and
Security Terms (DPST)
Entire Data Processing and Security Terms
Processing Under Documented Instructions
Google Cloud - Data Processing and
Security Terms (DPST) Processing of Data |
Section 5.2
Google Cloud - EU Standard Contract
Clauses (SCC) GOOGLE WORKSPACE - Data Processing
Terms Section 5.2 |
Processing of Data
GOOGLE WORKSPACE - EU Standard
Contract Clauses (SCC) Clause 5 (a) and (b) |
Obligations of the Data Importer
Processing Under Confidentiality Obligations
Google Cloud - Google
Cloud Terms of Services Confidential Information
|Section 7
Google Cloud -Data Processing and
Security Terms (DPST) Data Security |
Section 7.1.2
Data Security |
Section 7.5.3
Personnel Security |
Appendix 2.4
Google Cloud - EU Standard Contract
Clauses (SCC) Obligations of the Data Importer |
Clause 5
GOOGLE WORKSPACE - Google Workspace
Agreement Confidential Information |
Section 6
GOOGLE WORKSPACE - Data Processing
Terms Data Security |
Section 7.1.2
Data Security |
Section 7.5.3
Personnel Security |
Appendix 2.4
GOOGLE WORKSPACE - EU Standard
Contract Clauses (SCC)
Security Measures
Google Cloud - Data Processing and
Security Terms (DPST) Data Security |
Section 7
Security Measures |
Appendix 2
Google Cloud - EU Standard Contract
Clauses (SCC) GOOGLE WORKSPACE - Data Processing
Terms Data Security |
Section 7
Security Measures |
Appendix 2
GOOGLE WORKSPACE - EU Standard
Contract Clauses (SCC) Related
contentGoogle Cloud Security & Compliance Whitepaper
Assistance to Data Controller
Data Deletion and Data Return
Google Cloud - Data Processing and
Security Terms (DPST) Data Deletion |
Section 6
Data Subject Rights; Data Export
| Section 9.1
Google Cloud - EU Standard Contract
Clauses (SCC) GOOGLE WORKSPACE- Data Processing
Terms Data Deletion
|Section 6
Data Subject Rights; Data Export |
Section 9.1
GOOGLE WORKSPACE- EU Standard
Contract Clauses (SCC)
Demonstrate Compliance
Google Cloud - Data Processing and
Security Terms (DPST) Data Security |
Section 7.4
Related content:
Google Cloud Compliance
GOOGLE WORKSPACE - Data Processing Terms
Data Security |
Section 7.4
Related content:
Google Cloud Compliance
Relevant Whitepapers
Read our whitepapers relevant to Google Cloud customers who are subject to GDPR
FAQ
Answers to Frequently Asked Questions about Google Cloud and GDPR
Does the GDPR require storage of personal data in the EU?
No. Like the 95/46/EC Directive on Data Protection, the GDPR sets out certain conditions for the transfer of personal data outside of the EU. Such conditions can be met via mechanisms such as standard contract clauses.
How do your terms reflect the GDPR requirements?
For many years, Google Cloud has offered data processing terms that clearly articulate our privacy and security commitment to customers, and we have evolved those terms to reflect the GDPR. Our GDPR-updated terms notably reflect the provisions of Article 28 of the GDPR governing the use of a data processor by a data controller.
Does the GDPR give customers the right to audit Google Cloud?
Under the GDPR, audit rights must be granted to data controllers in their contracts with data processors. Our updated data processing agreements include audit rights for the benefit of customers who are subject to the GDPR.
What role do third-party ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701 and SOC 2/3 reports play in compliance with the GDPR?
Our third-party ISO/IEC certifications and SOC 2/3 audit reports can be used by customers to help conduct their risk assessments and help them determine whether appropriate technical and organisational measures are in place. Our ISO/IEC 27701 certification provides greater clarity on privacy-related roles and responsibilities, which can facilitate efforts to comply with privacy regulations, including the GDPR.
How does Google Cloud support International Data Transfers in the Cloud?
The GDPR provides for several mechanisms to facilitate transfers of personal data outside of the EU. These mechanisms are aimed at confirming an adequate level of protection or ensuring the implementation of appropriate safeguards when personal data is transferred to a third country.
An adequate level of protection can be confirmed by adequacy decisions such as the ones that support the Japanese Act on the Protection of Personal Information (APPI) and the Swiss Data Protection Act.
Where personal data will be transferred outside of the EU to third countries not covered by adequacy decisions, we commit under our data processing agreements to maintain a mechanism that will facilitate these transfers as required by the GDPR. In 2017, we gained confirmation of compliance from European Data Protection Authorities for our standard contract clauses, affirming that our contractual commitments for Google Workspace and Google Cloud met the requirements to legally frame transfers of personal data from the EU to the third countries that do not provide adequate protection.
Now that Privacy Shield has been invalidated, can I still use Google Cloud and meet GDPR requirements if I handle EU personal data?
While Google will continue to review the impact of the Court of Justice of the European Union (CJEU) case C-311/18 one thing remains unchanged: Google will take appropriate steps to ensure we maintain a high level of privacy protection for EU citizens.
Google Cloud offers Standard Contractual Clauses (SCCs) to our customers, which will be automatically deemed to apply in the absence of any alternate transfer solution made available by Google. Regardless of the location of the data, data protection remains a priority for Google. See the Safeguards for International Data Transfers with Google Cloud Whitepaper for more information.
We are certified against recognised international standards such as ISO/IEC 27001, ISO/IEC 27018 and ISO/IEC 27017. The complete listing of Google’s compliance offerings can be found on the compliance resource center.
What other information and resources has Google provided on the GDPR?
Refer to Google’s Cloud's Privacy Resource Center and Google's Businesses and Data website.
Where can I find other European Privacy Resources?
Refer to our European Compliance offerings and the Cloud Privacy Resource Center.
Disclaimer: The content contained herein is correct as of August 2021 and represents the status quo as of the time it was written. Google’s security policies and systems may change going forward, as we continually improve protection for our customers. When referring to Google Workspace, we also refer to Google Workspace for Education. We are bringing Google Workspace to our education and nonprofit customers in the coming months.
Take the next step
Start building on Google Cloud with $300 in free credits and 20+ always free products.
Take the next step
Start your next project, explore interactive tutorials, and manage your account.
-
Need help getting started?Contact sales
-
Work with a trusted partnerFind a partner
-
Continue browsingSee all products
-
Need help getting started?Contact sales
-
Work with a trusted partnerFind a partner
-
Get tips & best practicesSee tutorials