G Suite & GDPR

G Suite & GDPR

The big day has now passed. GDPR Day. May 25th, 2018 – a date that many of us will be hard pushed to forget. While the day has passed we’re still hearing from clients and non-clients alike about how G Suite (also known as Google Apps) and Google’s Cloud address the new standards. There’s lots of information out there but we thought it would be useful to pull it together in one place…

The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. If you don’t know much about The GDPR, its purpose is to strengthen the rights that individuals have regarding their personal data and aims to unify data protection across Europe, regardless of where it’s processed. As a G Suite customer, you may be thinking about how this affects you, given that all of your data is stored by Google.

In the video below, you can see an overview of Google’s commitment to GDPR compliance across all Google Cloud Services, while also highlighting some of the most important tools being used to do so.

Google’s Expertise

To ensure users data is kept secure and private, Google employs some of the world’s foremost experts in information, application, and network security. This team looks after the company’s defence systems, develops security review processes, builds security infrastructure, and implements Google’s security policies.

Google also employs an extensive team of lawyers, regulatory compliance experts, and public policy specialists who look after privacy and security compliance.

These teams engage with users, industry stakeholders, and supervisory authorities to shape G Suite services in a manner that helps users meet their compliance needs.

Data Processing

Google’s data processing agreements for G Suite clearly articulate their privacy commitments to customers. These terms have evolved over the years based on feedback from users and regulators and have specifically been updated to reflect the GDPR

Any data that users enter into G Suite will only be processed in accordance with the user’s instructions, as described in Google’s GDPR-updated data processing agreements.

Google’s Confidentiality

All Google employees are required to sign confidentiality agreements and complete confidentiality and privacy training, as well as Code of Conduct training. Google’s Code of Conduct specifically addresses responsibilities and behaviour with respect to data protection.

User Responsibilities

G Suite users will act as the data controller for any personal data they provide to Google in connection with their use of Google’s services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. Google is a data processor and processes personal data on behalf of the user, who is a data controller when using G Suite – your data is your data, not Google’s.

Data controllers (G Suite users) are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data.


If you would like any further information about the GDPR and how your data is processed by Google, or would just like to find out more about G Suite in general, please don’t hesitate to get in touch via info@cobry.co.uk. We would be delighted to have a chat.

Stay up to date

Sign up for our monthly newsletter to stay up to date on all things G Suite, including; new features, security updates, tips, tricks and all the latest news from Google and Cobry.