With General Data Protection Regulation coming to force, numerous companies and services are rushing to adjust their protocols and operating procedures to meet the newly imposed requirements.
If you’re among the three million clients using G-Suite to manage your staff communication and coordination, there are a couple of notable changes you should consider to ensure that your business is GDPR compliant. Fortunately, we’ve prepared a list that should help you and guide you through the process.
Update your DPA compliance
As you may know, GDPR tends to regulate businesses that are based in or trade within the European Union. If you happen to fall under this category, your contact with Google needs to be updated.
The first step you must make is to accept Google’s updated Data Processing Agreement (DPA) 2.0 terms. To do this, sign in to your Google Admin console and navigate to Company profile. Under the section Security and Privacy Additional terms, click Review and Accept. It will confirm your compliance with DPA 2.0 and therefore set up the legal groundwork for upcoming changes.
Include model contract clauses
As a way of making its services more transparent, Google offers model contract clauses as an additional element of meeting new regulations introduced by the European Parliament. It is expected from all businesses or individuals registered within its jurisdiction to comply with its latest version.
To do so, stay within your Google admin console and its Security and Privacy Additional Terms section and look for ‘EU Model Contract Clauses for G Suite’ or ‘EU Model Contract Clauses for Cloud Identity.’ Proceed to Review and accept and confirm your choice.
Make sure to comply with the HIPAA Business Associate Amendment
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data by utilizing user controlled encryption. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
That includes Google as well, so if you’re one of their clients, you need to confirm your agreement with GDPR regulations related to HIPAA as well, by using the same console and tabs as with previous issues.
Hire Data Protection Officers
Introduction of new data regulations leads to the emergence of data protection as a service. Businesses that gather and trade particular personal data are also required by GDPR to appoint Data Protection Officers, or DPO’s. If your organization is a part of the public authority, carries out extensive monitoring of individuals, or processes specific categories of data related to criminal records, you are obligated to hire a DPO to ensure that data is handled and preserved in accordance to new regulations.
Again, access your Google Admin console, go to ‘Company Profile’ and click to show more. Head to ‘Legal & Compliance’ section and look for ‘Your data protection officer details.’ Enter the contact information requested and save your settings.
These small yet essential revisions will make your G-Suite compliant to GDPR regulations. New changes are yet to be announced, and to avoid unnecessary troubles and risks, make sure to be on a lookout for news and trends related to GDPR.