Web Articles
To the G Suite/Gmail App administrators and users
Hello Administrators,
We are posting this message because if your organization is operating G Suite account, and the G Suite Data Processing Amendment currently governs how we process personal data on behalf of your organization, and/or according to our records, your organization is established in the European Economic Area or Switzerland.
On May 25, 2018, the most significant piece of European data protection legislation in 20 years will come into force when the European Union’s (EU) General Data Protection Regulation (GDPR) replaces the 1995 Data Protection Directive. We know that preparing for this regulatory change is a priority for many of our customers. It is a priority for us, too.
Today, we are pleased to roll out version 2.0 of our Data Processing Amendment (DPA), which has been specifically updated to reflect the GDPR.
How opting in to DPA version 2.0 works
If you opt in to DPA version 2.0, the updated terms will take effect with the GDPR on May 25, 2018. If you opt in before May 25, you will benefit from DPA version 1.6 until then.
Details Google is required to obtain from you
The GDPR requires Google to maintain records of certain information, including the contact details of your EU representative (if your organization is not established in the EU) and Data Protection Officer (DPO), where applicable.
What you need to do
- Sign in to the Google Admin console. or contact us to facilitate this for you.
- Go to Company profile > Profile.
- Opt in to DPA version 2.0.
- In the Legal & compliance section, enter details for your EU representative and DPO as needed.
You might need to click Show more to see Legal & compliance. - Click Save.
Where to find information or direct questions
Further information regarding Google Cloud and the GDPR is available on our Cloud GDPR website. If you’re also a Google Cloud Platform (GCP) customer, you will receive a separate communication concerning the rollout of updated terms for the relevant GCP products to reflect the GDPR. You might also receive similar communications concerning any other Google products you are using.
If you have any questions, sign in to the Admin console and contact Google’s Cloud Data Protection Team.
Sincerely,
The G Suite Team
—
FAQ
Why are you rolling out DPA version 2.0 now? Why aren’t you waiting until May 25, 2018?
Google is committed to GDPR compliance and to helping its customers with their own compliance journey. We are rolling out DPA version 2.0 well in advance to facilitate your compliance assessment and GDPR readiness when using G Suite services.
DPA version 2.0 takes effect on May 25, 2018, but what happens in the meantime?
DPA version 1.6 will apply in the meantime.
My company already opted in to an earlier version of the DPA. Do we need to opt in again to benefit from the new terms?
Yes. Earlier versions of the DPA don’t mention the GDPR. DPA version 2.0 specifically addresses GDPR changes. For more information about the GDPR and how you should begin preparing for it, see the Cloud GDPR website. You can opt in to version 2.0 in the Google Admin console (see directions above).
My company already opted in to G Suite Model Contract Clauses (MCCs). Will those remain in force if we opt in to DPA version 2.0?
Yes. If you previously opted in to G Suite MCCs, they’ll remain in force whether or not you opt in to DPA version 2.0.
What is a data controller? What is a data processor?
A data controller determines the purposes and means of processing of personal data. A data processor processes personal data on behalf of a data controller. G Suite customers will typically act as the data controller for any personal data they provide to Google in connection with their use of G Suite. Google is a data processor and processes personal data on behalf of the data controller when the data controller is using G Suite.
What are my obligations as a customer and data controller?
Data controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data. You can find guidance related to your responsibilities under the GDPR by regularly checking the website of your national or lead data-protection authority under the GDPR (as applicable), as well as by reviewing publications by data-privacy associations, such as the International Association of Privacy Professionals (IAPP). You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation.
What is a Data Protection Officer or DPO?
A Data Protection Officer (DPO) is the person designated, where applicable, to facilitate compliance with the provisions of the GDPR. The GDPR defines the criteria and the conditions under which a DPO must be designated.
What is a Customer EU Representative?
A Customer EU Representative is the person designated, where applicable, to represent customers not established in the EU with regard to their obligations under the GDPR
Leave a reply
You must be logged in to post a comment.