Products and services relevant to data controllers
Privacy principles and our capabilities
| Control | Product | Overview |
| --- | --- | --- |
| Data Minimization | Data Discovery | Google Cloud's Data Loss Prevention (DLP) helps you discover and classify data at scale. Data such as payment card numbers, national identification numbers, protected health information, and other types of PII can be identified and tagged. Once discovered, DLP allows customers to minimize processing of PII through de-identification (e.g. tokenization) or automatic purging of unneeded data. |
| Data Minimization | Data Management | PII discovered with DLP can be tagged and published in enterprise-wide monitoring such as Security Command Center, Data Catalog, Cloud Monitoring, etc. |
| Integrity and Confidentiality (some examples, for a full list see Security Products) | User Access Management | The Google Admin Console provides for centralized user administration and security reporting, which makes setup and management very efficient. Cloud Identity and Access Management (IAM) can be used to assign roles and permissions to administrative groups, incorporating principles of least privilege and separation of duties. Learn how to add Cloud Identity to your Google Workspace Account. |
| Integrity and Confidentiality | Secure Processing | Confidential Virtual Machines and GKE nodes enable you to encrypt data in use, while it is being processed. |
| Integrity and Confidentiality | Transparency | Maintain visibility of insider access to your data through near real-time logs from Access Transparency. |
| Integrity and Confidentiality | Encryption | Google Cloud supports both Customer-Supplied and Customer-Managed encryption keys. |
| Storage Limitation | Data Retention Monitoring | Data Catalog offers a programmatic, scalable mechanism to associate data with meaningful tags. Tagged data can be collected in a dashboard to help a Controller’s retention team identify when records are approaching retention thresholds and need to be purged. |
| Storage Limitation | Data Residency | Maintain control over data residency requirements through Cloud's data regions. |
| Purpose Limitation | | Cloud Identity and Access Management (IAM) can be used for multiple types of identities (Employees, Partners, Workloads and End Users) to restrict access to roles more aligned with the dataset’s purpose. IAM Recommender can help to define custom roles for more granular access control. VPC Service Controls enforces policies to isolate services and enable context-aware access, which can take into account the user’s identity and location before allowing access. |