Privacy compliance and records for Google Workspace and Cloud Identity

Last updated September 20, 2022


Google Workspace and Cloud Identity offer the Cloud Data Processing Addendum (CDPA) (previously called the Data Processing Amendment or DPA), which incorporates standard contract clauses (SCCs), as a means of meeting the security, contracting and data transfer requirements under EU, UK and Swiss data protection laws. For customers with HIPAA compliance needs, Google offers a Business Associate Amendment.

Open all  |   Close all

How to opt in to the Cloud Data Processing Addendum (CDPA)

You only need to opt in to the Cloud Data Processing Addendum (CDPA) if your Google Workspace or Cloud Identity agreement does not already incorporate the CDPA (or the DPA) by reference. If you are unsure whether such agreement already incorporates the CDPA (or the DPA) by reference, we recommend you opt in to the CDPA, as it contains important compliance commitments and your opt-in won't make any difference if, in fact, your agreement already incorporates it (or the DPA).

If you’d like to opt in:

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAccount settingsand thenLegal and compliance.

  3. In Security and Privacy Additional Terms, under Cloud Data Processing Addendum to Google Workspace or Cloud Identity Agreement, click Review and Accept.
  4. Ensure that you or the appropriate individual within your organization reviews the contract clauses.
  5. Click I Accept.

Read more about Google’s approach to the General Data Protection Regulation and Google Workspace security and trust.

How to indicate if European Data Protection Law applies to you and provide related information

Step 1: Certify if European data protection law applies

If your billing address is outside Europe, the Middle East, and Africa, and your use of Google Workspace or Cloud Identity is or becomes subject to the EU GDPR, UK GDPR or the Swiss FDPA (each as defined in the Cloud Data Processing Addendum (CDPA), previously called the Data Processing Amendment), you need to certify as such, and identify your competent Supervisory Authority (or Authorities) by following the steps below.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAccount settingsand thenLegal and compliance.

  3. In Security and Privacy Additional Terms, click Indicate that EU Data Protection Law applies to you.
  4. Click Certify if Applicable.
  5. Click Save. If you need to uncertify, click Uncertify. 

Step 2. Provide details of your European supervisory authority, DPO and representative

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAccount settingsand thenLegal and compliance.

  3. Under Your Supervisory Authority/ies, identify the applicable authority/ies.
  4. Click Save.
  5. Follow the steps to Register DPO or representative for the GDPR where applicable for your organization.
How to accept the HIPAA Business Associate Amendment

For customers with HIPAA compliance needs, Google offers a Business Associate Amendment (BAA).

To review and accept this BAA, you must be signed in to an administrator account for your organization's Google Workspace or Cloud Identity account. Non-administrator Google Workspace or Cloud Identity users or users of the legacy free edition of Google Workspace (sometimes referred to as "Google Apps Standard Edition") cannot review and accept a BAA from Google at this time.

Review and accept the HIPAA Business Associate Amendment

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Accountand thenAccount settingsand thenLegal and compliance.

  3. Go to the Security and Privacy Additional Terms section.
  4. Click Google Workspace/Cloud Identity HIPAA Business Associate Amendment to review the amendment.
  5. Click Review and Accept and answer all three questions to confirm that you are a HIPAA covered entity.
  6. To accept the HIPAA BAA, click OK .

See also

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Main menu
7876942869265572770
true
Search Help Center
true
true
true
true
true
73010
false
false