Google announced today that Google Cloud Platform is ready for the GDPR. Suzanne Frey, Director, Security, Trust, & Privacy, Google Cloud, and Marc Crandall, Director of Data Protection and Compliance, Google Cloud, wrote that “Google Cloud customers can confidently use our services when the GDPR takes effect on May 25.”
Google Cloud will as a data processor, and as a data processor Google process data only as instructed by you—our customers.
What are the changes Google did to be compliant? Google updated the data processing terms. Google ensures the data portability with a data export feature. According to the release, Google has a contractual commitment to notify customers on data incidents. Google encrypt the data by default and has an audit log when the support engineering teams interacts with the data. Google is certified for security management systems, for cloud security controls, and for protection of personally identifiable information. And G Suite and GCP are also certified under Privacy Shield, the EU data transfer law.