Have you accepted our GDPR-updated Data Processing Amendment for G Suite and Data Processing and Security Terms for Google Cloud Platform? If not, read the instructions or watch this video for G Suite and read the instructions here for Google Cloud Platform.

Compliance & Certifications

Many GDPR requirements can be mapped to controls in international security and privacy standards and industry frameworks.
Google Cloud undergoes a regular third-party audit to certify individual products against the SOC 2 standard. Our SOC 2 report gives you a detailed view of our existing controls over security, availability, processing integrity, and confidentiality or privacy in order to assess Google Cloud as your cloud service provider.
Google Cloud undergoes a regular third-party audit to certify individual products against the SOC 3 standard. Our SOC 3 report gives you a broad view of our existing controls over security, availability, processing integrity, and confidentiality or privacy, serving as a quick reference guide when starting your GDPR risk assessment of Google Cloud as a data processor.
CSA STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. CSA STAR allows cloud providers to submit self-assessment reports that document compliance with CSA-published best practices. Google’s CSA self-assessment can help your assessment of our services, particularly as it relates to Article 28 of the GDPR.
Google Cloud Platform, our Common Infrastructure, and G Suite are certified as ISO 27001 compliant. ISO/IEC 27001 outlines and provides the requirements for an information security management system, specifies best practices, and details a list of security controls concerning the management of information risks.
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services. It provides additional implementation guidance for relevant controls specified in ISO/IEC 27002, as well as additional controls with implementation guidance that specifically relate to cloud services.
ISO 27018 relates to the protection of personally identifiable information (PII), dealing with one of the most critical components of the cloud: privacy. This standard is primarily focused on security controls for public-cloud service providers acting as PII processors, building on existing ISO 27002 controls with specific items for cloud privacy, along with new controls surrounding personal data.
For additional information on all of Google’s Standards, Regulations and Certifications, refer to our compliance page.