All G Suite and Google Cloud Platform services will be in full compliance with the privacy requirements of the GDPR when it goes into effect next May, the company says.
When the European Union’s General Data Protection Regulation (GDPR) formally goes into effect next year, Google will be ready for it.
That’s according to Suzanne Frey, Google’s director of security, trust and privacy, and Marc Crandall, director of compliance at the company.
In a blog this week, the two Google executives reiterated the company’s commitment to ensuring that its services will fully comply with the privacy and security requirements of the GDPR. “Our users can count on the fact that Google is committed to GDPR compliance across G Suite and Google Cloud Platform service when the GDPR takes effect on May 25, 2018,” Frey and Crandall said.
In their blog this week, Frey and Crandall noted that Google has evolved its data processing terms and conditions in recent years to more clearly articulate the company’s privacy commitments. The terms will be further updated to bring them in line with GDPR requirements, the two Google directors noted.
Google also provides several third-party audits and certifications for its cloud platform and G Suite, including ISO 27001 security audits and ISO 27017 and ISO 27018 certifications for protection of personally identifiable data in the cloud, they said.
In addition, Google’s Cloud Platform and G Suite services have been certified under Privacy Shield, a program designed to give companies a way to show their adherence to the privacy and security controls specified in GDPR. EU data protection authorities have also already signed off on the so-called model contract clauses that Google uses to cover the transfer of EU customer data to the United States, the two Google executives said. What that means is that Google’s customers in the EU already have the legal cover they need to transfer EU customer data to Google without fear of running afoul of GDPR requirements.
Other changes that Google has made to bring it privacy polices in line with the GDPR include new data portability commitments as well as updated incident and breach notification clauses.