Privacy compliance and records for Google Workspace and Cloud Identity

You only need to opt in to the Cloud Data Processing Addendum (CDPA) if your Google Workspace or Cloud Identity agreement does not already incorporate the CDPA (or the DPA) by reference. If you are unsure whether such agreement already incorporates the CDPA (or the DPA) by reference, we recommend you opt in to the CDPA, as it contains important compliance commitments and your opt-in won't make any difference if, in fact, your agreement already incorporates it (or the DPA).

If you’d like to opt in:

1. Sign in with a super administrator account to the Google Admin console.

   If you aren’t using a super administrator account, you can’t complete these steps.

2. Go to Menu  Account > Account settings > Legal and compliance.
3. In Security and Privacy Additional Terms, under Cloud Data Processing Addendum to Google Workspace or Cloud Identity Agreement, click Review and Accept.
4. Ensure that you or the appropriate individual within your organization reviews the contract clauses.
5. Click I Accept.

Read more about Google’s approach to the General Data Protection Regulation and Google Workspace security and trust.

Step 1: Certify if European data protection law applies

If your billing address is outside Europe, the Middle East, and Africa, and your use of Google Workspace or Cloud Identity is or becomes subject to the EU GDPR, UK GDPR or the Swiss FDPA (each as defined in the Cloud Data Processing Addendum (CDPA), previously called the Data Processing Amendment), you need to certify as such, and identify your competent Supervisory Authority (or Authorities) by following the steps below.

1. Sign in with a super administrator account to the Google Admin console.

   If you aren’t using a super administrator account, you can’t complete these steps.

2. Go to Menu  Account > Account settings > Legal and compliance.
3. In Security and Privacy Additional Terms, click Indicate that EU Data Protection Law applies to you.
4. Click Certify if Applicable.
5. Click Save. If you need to uncertify, click Uncertify. 

Step 2. Provide details of your European supervisory authority, DPO and representative

1. Sign in with a super administrator account to the Google Admin console.

   If you aren’t using a super administrator account, you can’t complete these steps.

2. Go to Menu  Account > Account settings > Legal and compliance.
3. Under Your Supervisory Authority/ies, identify the applicable authority/ies.
4. Click Save.
5. Follow the steps to Register DPO or representative for the GDPR where applicable for your organization.