Compliance for retail

Protection of sensitive data for retail organizations using Google Cloud

We do our part to help you protect your most sensitive data, including PII, transactions, billing, and payment card information, by offering comprehensive data protection, identity management, network security, and threat detection and response capabilities. To earn your trust, we certify our products against the most rigorous global security and privacy standards like ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018, as well as industry-specific standards such as PCI DSS.

How we help you meet your compliance goals

Security and privacy

Google Cloud is committed to protecting our customers’ privacy and security needs. Our data processing terms for Google Workspace and Google Cloud articulate how we help you meet your specific compliance requirements.

Incident notification

Google's industry-leading data security practices specify a rigorous process for dealing with any incident that might impact your data's confidentiality, integrity, or availability.


We automatically encrypt your data both in transit outside of physical boundaries not controlled by Google and at rest by default and provide numerous ways for you to control your own encryption keys and data access.

Data storage

Google Cloud services are available in multiple locations worldwide. For select services and for data at rest, choose which facilities best meet your specific latency, availability, and durability requirements.


Depending on the service, your organization can securely download a copy of its data from Google Workspace or Google Cloud.


Data confidentiality is a priority at Google Cloud. Our products undergo regular third-party audits to ensure we maintain industry-leading certifications and protections.

Our customers

Helpful products and features


Built on Google-pioneered open source products like Kubernetes and Knative, Anthos lets you build hybrid applications, on-premises or in the public cloud.

Security Command Center

Prevent, detect, and respond to threats to your health data from one pane of glass, and act on them before they damage your business.


A serverless, highly scalable, and cost-effective cloud data warehouse, in scope for many of Google Cloud’s compliance offerings.

Cloud Key Management Service

For compliance mandates requiring keys and crypto operations to be performed within a hardware environment, Cloud KMS makes it easy to create a key protected by a FIPS 140-2 Level 3 device.

Compliance offerings

Google Workspace and Google Cloud undergo several independent third-party audits on a regular basis to ensure that we can assist with your compliance journey. Here are some of the relevant standards, regulations, and certifications that we support or are certified against.

Google Cloud

Get started

Work with Google

Tell us about your business, and our experts will help you build the right solution for your needs.

Work with a partner

Choose one of our global partners to integrate our services with your current security operations, add functionality and specific expertise in data protection, identity and user protection, infrastructure security, scanning, monitoring, logging, and more.