Google is carefully preparing for GDPR
Even giants like Google are preparing carefully for the new European regulation that will come into force on 25 May 2018. How will this affect users of G Suite and Google Cloud platforms? How will Google help you and what will you need to do?
Google is committed to compliance with the requirements under the European General Data Protection Regulation (GDPR within G Suite and Google Cloud platforms and to helping its customers on their journey to GDPR compliance by providing extensive privacy and security systems and processes built into its services and contracts.
Google Customer Responsibilities
G Suite and Google Cloud Platform customers are typically the data controllers of the data they provide to Google, as a processor, in connection with the use of its services. The data controller determines the purpose and reason for the processing of personal data.
In order to comply with GDPR requirements, Google has sent new contracts to G Suite customers that must be confirmed. We will publish the exact process in a subsequent article.
Data controllers are responsible for implementing appropriate technical and organisational measures to ensure maximum data security in accordance with the GDPR.
What does Google guarantee?
Google offers users of its services a wide range of protection features. So itis a good idea to take a look at the services offered by G Suite and Google Cloud Platform in relation to GDPR issues and see if they can benefit you.
Among the aspects that argue for using G Suite or Google Cloud Platform services is expertise. Google employs experts in security and privacy. This team is tasked with creating security systems, developing security control processes, building security infrastructure, and implementing Google's security policies. The legal team ensures that Google's security policies are followed. They all work in collaboration with one goal in mind - modifying G Suite and Google Cloud Platform to meet customer and compliance requirements.
All data that customers and their users enter into Google systems will only be processed in accordance with their instructions and in compliance with GDPR regulations.
All Google subcontractors who come into contact with customer data are carefully selected and continually vetted.
Google operates a global infrastructure designed to provide state-of-the-art security across the information processing lifecycle. This infrastructure is designed to ensure secure deployment of services, secure data storage through end-user privacy, secure communication between services, secure communication with customers over the Internet, and secure service administrators. G Suite and Google Cloud Platform applications run on this infrastructure.
G SUITE SECURITY
G Suite users can leverage product features and configurations to maximally protect personal data from unauthorized or unlawful processing:
- Two-factor authentication significantly reduces the risk of unauthorized access.
- Monitoring of suspicious logins using machine learning capabilities
- VHigher email security, the ability to sign and encrypt messages using Secure/Multipurpose Internet Mail Extensions (S/MIME).
- Data loss protection protects sensitive information in Gmail and Drive from unauthorized sharing.
- Manage information rights on Drive allows you to disable downloading, printing and copying files from extended sharing and set expiration dates for file access.
- Mobile Device Management enables continuous system monitoring and alerts in the event of suspicious device activity.
SECURITY OF GOOGLE CLOUD PLATFORM
GCP users can use product features and configurations to maximally protect personal information from unauthorized or unlawful processing:
- Two-factor authentication significantly reduces the risk of unauthorized access.
- Google Cloud Identity and Access Management (Cloud IAM) allows you to create, manage and modify access permissions for Google Cloud Platform.
- Data Loss Prevention API helps identify and track the processing of specific categories of personal data to implement appropriate controls.
- Stackdriver Logging and Stackdriver Monitoring integrate detection, monitoring, alerting and anomaly detection systems into Google Cloud Platform.
- Cloud Identity-Aware Proxy (cloud IAP) controls access to cloud applications running on Google Cloud Platform.
- Cloud Security Scanner scans and detects common vulnerabilities in Google App Engine applications.
For more information, visit https://gsuite.google.com/security
Google also handled data export and complete data deletion within G SUITE and Google cloud platforms, exactly as required by GDPR.
Data controllers can use administrative console features that allow them to access, correct, restrict processing or delete any data that users have entered into systems.
Google is a giant company that is tackling GDPR on a global level. There will be many measures and requirements for users associated with this. We will cover these in future articles. However, GDPR affects all of us. Be prepared. Stay tuned!