Cloud based contact management software in European Union

How to create outlook signature

SPEAKER: So what is GDPR? Well, GDPR stands for General Data Protection Regulation. And it is a new European data protection legislation that replaces the 1995 Data Protection Directive. It comes into force on May 25, 2018. The GDPR really strengthens the rights that individuals have regarding personal data. And it seeks to unify data protection laws across the European Union. In general, the GDPR applies to all entities that process personal data in scope of the GDPR, regardless of what industry they belong to, whether they're a business, an NGO, or a school, for that matter. What are your responsibilities as a customer? Well, Article 4 of the GDPR describes the two roles with responsibilities regarding to personal data, controller and processor. Customers of Google Cloud Platform and G Suite will typically act as the controller for personal data they provide to Google in connection with their use to Google Cloud Platform and G Suite services. Processors process personal data on behalf of that controller. Google is a processor and processes personal data on behalf of the customer when the customer is using G Suite or Google Cloud Platform. So how does using a cloud provider like Google impact your obligations under GDPR? Well, controllers are required to only use processors that provide sufficient guarantees to implement appropriate technical and organizational measures that make sure that processing will meet the requirements of the GDPR. For example, Google employs security and privacy professionals that include some of the world's foremost experts in information security, application security, and network security. This team is tasked with maintaining the company's defenses, defense systems, developing security review processes, building the security infrastructure, and implementing Google security policies in general. So G Suite and Google Cloud Platform undergo independent third-party audits on a regular basis to provide independent verification of security, privacy, and compliance controls. This includes certifications for ISO 2701, focused on information security management, certification for ISO 2717, focused on cloud security, and certification for ISO 2718, focused on cloud privacy. SOC 2 and SOC 3 audit frameworks provide very granular controls on security, availability, processing integrity, and confidentiality of the data. Google employs an extensive team of lawyers, regulatory compliance experts, and public policy specialists who look after the privacy and the security compliance for Google. These teams engage with customers, with industry stakeholders, and supervisory authorities to shape our G Suite and Google Cloud Platform services in a way that helps customers meet their compliance needs. Will Google as a processor be compliant with GDPR? Well, Google is absolutely committed to GDPR compliance across Google Cloud Services. Of course, you don't have to take my word for it. We recently rolled out the Data Processing Amendment Version 2.0 for G Suite and the Data Processing and Security Terms Version 2.0 for Google Cloud Platform, both of which have been specifically updated to reflect the GDPR. We are making these terms available well in advance of the GDPR to facilitate our customers' compliance assessments and GDPR readiness when using G Suite and Google Cloud Platform. There are new GDPR requirements for breach notification. Will Google notify our organization in the event of a breach? Yes. This is the kind of contractual commitment you will find in our new terms. As a matter of fact, G Suite and Google Cloud Platform have provided contractual commitments around incident notification for many years. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in your current agreements and the updated terms that will apply from May 25, 2018. That is when the GDPR comes into force. So where should you start? If your organization is a current user of G Suite or Google Cloud Platform, you should review the Data Processing Amendment or the Data Processing Security Terms that have been specifically updated to reflect the GDPR. If your organization wants to benefit from these updated terms from May 25, 2018, your administrator should then accept these in your admin console. Familiarize yourself with the provisions of the GDPR, particularly how they may differ from your current data protection obligations. Consider creating an updated inventory of personal data that you handle. You can use some of our tools to help identify and classify data. Review your current control policies and processes to assess whether they meet the requirements of the GDPR. And build a plan to address any gaps. Consider how you can leverage the existing data protection features on Google services as part of your own regulatory compliance framework. Conduct a review of G Suite or Google Cloud Platform third-party audits and certification materials, such as our SOC reports. These materials can help you understand the controls and the standards of practice that Google Cloud maintains so that you can determine if they may help you meet your obligations as a result of using G Suite or Google Cloud Platform. Monitor updated regulatory compliance guidance as it becomes available. And consult a lawyer to obtain legal advice specifically applicable to your circumstances. Which capabilities in G Suite can help protect personal data? Well, G Suite customers can leverage product features and configurations to further help protect personal data against unauthorized or unlawful processing. For example, two-step verification reduces the risk of unauthorized access by asking users for additional proof of identity when signing in. Security key enforcement offers another layer of security for user accounts by requiring a physical key for verification. Suspicious log-in monitoring, in place by default for all Google accounts, automatically helps detect suspicious logins using robust machine learning capabilities. Information rights management in Drive allows you to disable downloading, printing, and copying of files from the Advanced Sharing menu and to set expiration dates on file access. Mobile device management offers a continuous system monitoring and alerts in case of suspicious device activity. You can count on the fact that Google is committed to GDPR compliance across Google Cloud and G Suite services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts. For more information, head here.