Compliance amendments for Google Workspace and Cloud Identity

You must be signed in as a super administrator for this task.

Google Workspace and Cloud Identity offer the Data Processing Amendment (DPA) and model contract clauses (MCCs) as a means of meeting the adequacy and security requirements of the European Union's General Data Protection Regulation (the "GDPR"). For customers with HIPAA compliance needs, Google offers a Business Associate Amendment.

Follow the steps below to review and accept these amendments

  • Data Processing Amendment (DPA 2.1 or later)
  • Model contract clauses
  • HIPAA Business Associate Amendment
  • Google Cloud User Experience Research Panel Addendum

Data Processing Amendment (DPA 2.1 or later)

If the GDPR applies to Google’s processing of your data—for example, if you are established in the European Union, or established outside the European Union but offer goods/services to data subjects who are in the European Union—it requires your contract with Google to contain certain data processing terms. Unless you accept the DPA 2.1 (or later version), your contract will lack those terms. We therefore recommend that you accept the DPA 2.1 (or later version) on behalf of your organization or seek legal advice.
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. In Security and Privacy Additional Terms, under Data Processing Amendment to Google Workspace and/or Complementary Product (e.g. Cloud Identity) Agreement, click Review and Accept.
  4. Ensure that you or the appropriate individuals within your organization review the DPA 2.1 (or later version).
  5. Click I Accept.

Read more about Google’s approach to the General Data Protection Regulation and Google Workspace security and trust.

Model contract clauses

Google offers model contract clauses as an additional means of meeting the adequacy and security requirements of the GDPR.

Important: After August 10th, 2020, if the GDPR applies to your use of Google Workspace, the MCCs will automatically apply as part of the DPA even if you have not previously accepted the MCCs in the Admin Console. You do not need to click-to-accept MCCs. However, if you still wish to accept the MCCs separately, you can follow the instructions below. 

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. In Security and Privacy Additional Terms, under either EU Model Contract Clauses for Google Workspace or EU Model Contract Clauses for Cloud Identity, click Review and Accept.
  4. Ensure that you or an appropriate person within your organization reviews the contract clauses.
  5. Click I Accept.

HIPAA Business Associate Amendment

For customers with HIPAA compliance needs, Google offers a Business Associate Amendment (BAA).

To review and accept this BAA, you must be signed in to an administrator account for your organization's Google Workspace or Cloud Identity account. Non-administrator Google Workspace or Cloud Identity users or users of the legacy free edition of Google Workspace (sometimes referred to as "Google Apps Standard Edition") cannot review and accept a BAA from Google at this time.

Review and accept the HIPAA Business Associate Amendment

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. In Security and Privacy Additional Terms, under Google Workspace/Cloud Identity HIPAA Business Associate Amendment, click Review and Accept.
  4. Answer all three questions to confirm that are a HIPAA covered entity.
  5. To accept the HIPAA BAA, click OK .

Google Cloud Pre-General Availability Program Agreement

If your organization has been invited or applied to participate in a Google Cloud Pre-General Availability (GA) program, an authorized representative from your organization must review and accept the Google Cloud Pre-General Availability Program Agreement to participate.  

Review and accept the agreement

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. Under Google Cloud Pre-General Availability Program Agreement, click Review and Accept to view the agreement (available in English only).
  4. To accept the agreement, click Accept .

Next steps 

Fill out the Pre-GA Program Customer Interest form (English only) and we'll contact you about Alpha or Beta programs that might be a fit for your organization. 

If we contact you about joining a program, you'll get a Test Application addendum to review and sign. The addendum describes the specific product or feature in the Alpha or Beta program, and any additional terms. 

Google Cloud User Experience Research Panel Addendum

If your organization has been invited or applied to participate in a Google Workspace User Research Panel, you may want to review and accept the Google Cloud User Experience Research Panel Addendum. 

Review and accept the addendum

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. Under Google Cloud User Experience Research Panel Addendum, click Review and Accept to view the addendum (available in English only).  
  4. To accept the addendum, click Accept
Was this helpful?
How can we improve it?