Privacy compliance and records for Google Workspace and Cloud Identity

Last udated September 24, 2021


Google Workspace and Cloud Identity offer the Data Processing Amendment (DPA), which incorporates standard contract clauses (SCCs), as a means of meeting the security, contracting and data transfer requirements under EU, UK and Swiss data protection laws. For customers with HIPAA compliance needs, Google offers a Business Associate Amendment.

How to opt in to the Data Processing Amendment (DPA)

You only need to opt into the Data Processing Amendment (DPA) if your Google Workspace or Cloud Identity agreement does not already incorporate the DPA by reference. If you are unsure whether such agreement already incorporates the DPA by reference, we recommend you opt into the DPA, as it contains important compliance commitments and your opt-in won't make any difference if, in fact, your agreement already incorporates it.

 If you’d like to opt in:

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. In Security and Privacy Additional Terms, under Data Processing Amendment to Google Workspace and/or Complementary Product (e.g. Cloud Identity) Agreement, click Review and Accept.
  4. Ensure that you or the appropriate individual within your organization reviews the contract clauses.
  5. Click I Accept.

Read more about Google’s approach to the General Data Protection Regulation and Google Workspace security and trust.

How to indicate if European Data Protection Law applies to you and provide related information

Step 1: Certify if European data protection law applies

If your billing address is outside Europe, the Middle East, and Africa, and your use of Google Workspace or Cloud Identity is or becomes subject to the EU GDPR, UK GDPR or the Swiss FDPA (as defined in the DPA), you need to certify as such, and identify your competent Supervisory Authority (or Authorities) by following the steps below.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. In Security and Privacy Additional Terms, click Indicate that EU Data Protection Law applies to you.
  4. Click Certify if Applicable.
  5. Click Save. If you need to uncertify, click Uncertify. 

Step 2. Provide details of your European supervisory authority, DPO and representative

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. Under Your Supervisory Authority/ies, identify the applicable authority/ies.
  4. Click Save.
  5. Follow the steps to Register DPO or representative for the GDPRwhere applicable for your organization.
How to accept the HIPAA Business Associate Amendment

For customers with HIPAA compliance needs, Google offers a Business Associate Amendment (BAA).

To review and accept this BAA, you must be signed in to an administrator account for your organization's Google Workspace or Cloud Identity account. Non-administrator Google Workspace or Cloud Identity users or users of the legacy free edition of Google Workspace (sometimes referred to as "Google Apps Standard Edition") cannot review and accept a BAA from Google at this time.

Review and accept the HIPAA Business Associate Amendment

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Account settingsand thenLegal and Compliance.

  3. Go to the Security and Privacy Additional Terms section.
  4. Click Google Workspace/Cloud Identity HIPAA Business Associate Amendment to review the amendment.
  5. Click Review and Accept and answer all three questions to confirm that you are a HIPAA covered entity.
  6. To accept the HIPAA BAA, click OK .

See also

Was this helpful?
How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
false