Compliance amendments for G Suite and Cloud Identity

You must be signed in as a super administrator for this task.

G Suite and Cloud Identity offer the Data Processing Amendment (DPA 2.0) and model contract clauses as a means of meeting the adequacy and security requirements of the European Parliament and Council of the European Union's Data Protection Directive and General Data Protection Regulation (GDPR). For customers with HIPAA compliance needs, Google offers a Business Associate Amendment.

Here’s how to review and accept these amendments for G Suite and Cloud Identity:

Review and accept the Data Processing Amendment (DPA 2.0)

If the GDPR applies to Google’s processing of your data—for example, if you are established in the European Union, or established outside the European Union but offer goods/services to data subjects who are in the European Union—it requires your contract with Google to contain certain data processing terms. Unless you accept the DPA 2.0, your contract will lack those terms. We therefore recommend that you accept the DPA 2.0 on behalf of your organization or seek legal advice.

Note: Have a different version of G Suite? See instructions for Business email powered by G Suite or G Suite Business (team-managed).

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Company profileand thenProfile.
  3. In Security and Privacy Additional Terms, next to Data Processing Amendment to G Suite and/or Complementary Product (e.g. Cloud Identity) Agreement, click Review and Accept.
  4. Ensure that you or the appropriate individuals within your organization review the DPA 2.0.
  5. Click I Accept.

Read more about Google’s approach to the General Data Protection Regulation and G Suite security and compliance.

Review and accept model contract clauses

In addition to participating in the U.S.-EU Privacy Shield Framework, Google offers model contract clauses as an additional means of meeting the adequacy and security requirements of the European Parliament and Council of the European Union Data Protection Directive.

Note: Have a different version of G Suite? See instructions for Business email powered by G Suite or G Suite Business (team-managed).

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Company profileand thenProfile.
  3. In Security and Privacy Additional Terms, next to either EU Model Contract Clauses for G Suite or EU Model Contract Clauses for Cloud Identity, click Review and Accept.
  4. Ensure that you or an appropriate person within your organization reviews the contract clauses.
  5. Click I Accept.

Review and accept the HIPAA Business Associate Amendment

For customers with HIPAA compliance needs, Google offers a Business Associate Amendment (BAA).

To review and accept this BAA, you must be signed in to an administrator account for your G Suite or Cloud Identity domain. Non-administrator G Suite or Cloud Identity users or users of Google Apps Free Edition (sometimes referred to as "Standard Edition") cannot review and accept a BAA from Google at this time.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Company profileand thenProfile.
  3. In Security and Privacy Additional Terms, next to G Suite/Cloud Identity HIPAA Business Associate Amendment, click Review and Accept.
  4. Answer all three questions to confirm that are a HIPAA covered entity.
  5. Click OK to accept the HIPAA BAA.
Was this article helpful?
How can we improve it?