Share this
What a Google Cloud Platform client should know about GDPR
by Robin Laurens on Nov 15, 2017 11:17:39 AM
What is the General Data Protection Regulation (GDPR)?
On May the 28th 2018, the General Data Protection Regulation (GDPR) will come into effect after a transition period of 2 years. The GDPR is a European Union law that will replace the old personal data regulation from 1995; The Data Protection Directive.
The primary goal of the GDPR is to strengthen and unify data protection for all individuals within the European Union (EU), meaning that individuals will have more rights with regards to their data and all the European data protection laws will bundle, regardless of where the data processes.
We can imagine that you, as a (future) Google Cloud Platform user, have some questions about what this new regulation implies for your big data use, and what Google does to make sure if the law complies.
We will try to answer these questions here. For more information, we also put some handy links at the end of this blog.
Where lies your responsibility as a Google Cloud Platform client?
First of all, it's essential to make a distinction between two different actors: data administrators and data processors. In the case of the Google Cloud Platform, Google is the data processor, and the business that runs its data on the cloud is the data administrator (the client). The data administrator determines the purposes and resources for processing personal data while the data processor processes the data on behalf of this administrator.
Data administrators are responsible for taking the technical and organisational measures necessary to perform data processing following the GDPR. The obligations of administrators relate to principles such as legitimacy, reasonableness and transparency, target binding, data minimisation, and accuracy, as well as compliance with the rights of stakeholders, also called "data subjects."
On the other side, Google will make every effort to meet the requirements of the GDPR for all Google Cloud services. They do this by the extended privacy- and security protection that they have been incorporating over the years in their services and contracts.
What can you do
As a client of Google Cloud Platform, it's critical to prepare well for the GDPR realisation in May. Google* created some advice which you can follow to make sure you are following the GDPR in the right way.
- Get to know the terms of the GDPR, especially pay attention to the differences between your current obligations in the field of data protection.
- Make an overview of the personal data that you manage. Google's tools can help you identify and classify data.
- Verify that your current management options, policies, and processes meet the requirements of the GDPR. Make a plan to close any gaps.
- See how to integrate the existing Google Cloud data protection features into your own legal and regulatory compliance framework. Evaluate the Google Cloud Platform materials for audits and certifications to see how they can help you
- Keep track of your responsibilities under the GDPR by regularly visiting the website of your national or, where applicable, primary data protection authority under the GDPR, and by publications from organizations such as the International Organisation of Private Professionals (IAPP).
- GCP customers can use product features and configurations to better protect their personal information against unauthorised or illegal processing. You can find them here.
* Google Cloud en de Algemene Verordening Gegevens Bescherming.
What Google does
At Google, they do everything in their power to meet the GDPR requirements for the whole range of Google Cloud services. This happens within different areas;
Subject Knowledge, reliability, and resources - Google works with leading global experts, in the field of information, app, and network security. They also work with the best lawyers and service compliance experts and government policy specialists who ensure that Google adheres to privacy and security law.
Obligations in the field of data protection - Google has recently been updating the terms and conditions based explicitly on the GDPR. It's now possible to enter these updated data processing conditions through a login process which is described here.
Security of services -According to the GDPR, the administrator and the processor must take sufficient technical and organisational measures to ensure a level of security that focusses on the risk. Google uses a global infrastructure designed to provide the very highest level of protection for the entire information processing cycle. Google built the security of their infrastructure in layers, which they explain more about here.
International data transfer - Under their current conditions for data processing, Google is contractually committed to maintaining a mechanism that facilitates the transfer of personal data outside the EU, as required by the Data Protection Directive. They will also offer a corresponding commitment from the day on which the GDPR takes effect.
Standards and certifications - Google Cloud Platform is being tested on a regular base by different independent and extern parties to guarantee security, privacy, and compliance.
And Google does more. You can read about it on their website.
Some helpful links
Share this
- November 2024 (2)
- October 2024 (2)
- September 2024 (1)
- August 2024 (1)
- July 2024 (4)
- June 2024 (2)
- May 2024 (1)
- April 2024 (4)
- March 2024 (2)
- February 2024 (2)
- January 2024 (4)
- December 2023 (1)
- November 2023 (4)
- October 2023 (4)
- September 2023 (4)
- June 2023 (2)
- May 2023 (2)
- April 2023 (1)
- March 2023 (1)
- January 2023 (4)
- December 2022 (3)
- November 2022 (5)
- October 2022 (3)
- July 2022 (1)
- May 2022 (2)
- April 2022 (2)
- March 2022 (5)
- February 2022 (3)
- January 2022 (5)
- December 2021 (5)
- November 2021 (4)
- October 2021 (2)
- September 2021 (2)
- August 2021 (3)
- July 2021 (4)
- May 2021 (2)
- April 2021 (2)
- February 2021 (2)
- January 2021 (1)
- December 2020 (1)
- October 2020 (2)
- September 2020 (1)
- August 2020 (2)
- July 2020 (2)
- June 2020 (1)
- March 2020 (2)
- February 2020 (1)
- January 2020 (1)
- December 2019 (1)
- November 2019 (3)
- October 2019 (2)
- September 2019 (3)
- August 2019 (2)
- July 2019 (3)
- June 2019 (5)
- May 2019 (2)
- April 2019 (4)
- March 2019 (2)
- February 2019 (2)
- January 2019 (4)
- December 2018 (2)
- November 2018 (2)
- October 2018 (1)
- September 2018 (2)
- August 2018 (3)
- July 2018 (3)
- May 2018 (2)
- April 2018 (4)
- March 2018 (5)
- February 2018 (2)
- January 2018 (3)
- November 2017 (2)
- October 2017 (2)
