Google Cloud & The general Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
You can count on the fact that Google is committed to GDPR compliance across all Google Cloud services (G Suite and Google Cloud Platform). Google is also committed to helping his customers with their GDPR compliance journey by providing robust privacy and security protections built into his services and contracts over the years.
What you can do?
G Suite and Google Cloud Platform customers will typically act as the data controller for any personal data they provide to Google in connection with their use of Google’s services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. Google is a data processor and processes personal data on behalf of the data controller when the controller is using G Suite or Google Cloud Platform.
Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data.
If you are a data controller, you may find guidance related to your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority under the GDPR (as applicable), as well as by reviewing publications by data privacy associations such as the International Association of Privacy Professionals (IAPP).
You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation.
More Detail´s about GDPR and G Suite you can find in our latest News Artikel.