Compliance amendments for G Suite and Cloud Identity

You must be signed in as a super administrator for this task.

Version 2 of the Data Processing Amendment (DPA 2.0)

In October 2017, Google rolled out version 2.0 of the Data Processing Amendment (DPA 2.0) for G Suite and Cloud Identity. That update included changes in anticipation of the EU’s General Data Protection Regulation (GDPR) coming into force on May 25, 2018.

If the GDPR applies to Google’s processing of your data—for example, if you are established in the European Union, or established outside the European Union but offer goods/services to data subjects who are in the European Union—it requires your contract with Google to contain certain data processing terms. Unless you accept the DPA 2.0, your contract will lack those terms. We therefore recommend that you accept the DPA 2.0 on behalf of your organization or seek legal advice.

Opt in to the DPA 2.0 for G Suite or Cloud Identity
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Company profileand thenProfile.
  3. In Security and Privacy Additional Terms, next to Data Processing Amendment to G Suite and/or Complementary Product (e.g. Cloud Identity) Agreement, click Review and Accept.
  4. Ensure that you or an appropriate person within your organization reviews the DPA 2.0.
  5. Click I Accept.

Read more about Google’s approach to the General Data Protection Regulation and G Suite security and compliance.

Model contract clauses

In addition to participating in the U.S.-EU Privacy Shield Framework, Google offers model contract clauses as an additional means of meeting the adequacy and security requirements of the European Parliament and Council of the European Union Data Protection Directive.

Opt in to model contract clauses for G Suite or Cloud Identity
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Company profileand thenProfile.
  3. In Security and Privacy Additional Terms, next to either EU Model Contract Clauses for G Suite or EU Model Contract Clauses for Cloud Identity, click Review and Accept.
  4. Ensure that you or an appropriate person within your organization reviews the contract clauses.
  5. Click I Accept.

HIPAA Compliance

For customers with HIPAA compliance needs, Google offers a Business Associate Amendment.

To review and accept this BAA, you must be signed in to an administrator account for your G Suite or Cloud Identity domain. Non-administrator G Suite or Cloud Identity users or users of Google Apps Free Edition (sometimes referred to as "Standard Edition") cannot review and accept a BAA from Google at this time.

Opt in to the HIPAA Business Associate Amendment
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Company profileand thenProfile.
  3. In Security and Privacy Additional Terms, next to G Suite/Cloud Identity HIPAA Business Associate Amendment, click Review and Accept.
  4. Answer all three questions to confirm that are a HIPAA covered entity.
  5. Click OK to accept the HIPAA BAA.
Was this article helpful?
How can we improve it?