EU Data Protection Authorities Confirm Google Cloud Compliance

The European Union’s (EU) data protection authorities have confirmed that Google’s cloud platform meets the requirements for the transfer of data from the EU to the rest of the world.

G Suite and Google Cloud Platform (GCP) both officially adhere to EU Data Protection Directive 95/46/EC, which was adopted in 1995 to regulate the protection of individuals with regard to the processing and free movement of personal data.

Google has described the news as an “important milestone” for the company and its customers, confirming that Google Cloud meets the European regulatory requirements for data flow.

Cloud compliance

“In practice, this compliance finding will enable our customers in most EU countries to rely on Google Cloud model contract clauses for the international transfer of data without further authorisations, and will simplify the processing of national authorisations in other countries, where required,” said Marc Crandall and Matthew O’Connor, head of global compliance and head of security compliance for the Google Cloud platform, in a blog post.

“It will also help to facilitate our customers’ data protection risk assessments.”

The next 12 months are going to be hugely important for organisations when it comes to the transfer of data, as new Global Data Protection Regulations (GDPR) creep ever closer.

GDPR seeks to give citizens more control over their personal data and will come into force in May 2018. However, the majority of businesses are not confident in achieving 2018’s compliance and just four percent understand the impact that the new regulations will have.

Failure to comply could result in huge fines of up to 4 percent of global revenue for the previous year, or €20 million (£15.8m) depending on which is greater.

The Information Commissioner’s Office (ICO) has already shown that is not afraid to dish out financial penalties, recently fining the Royal & Sun Alliance Insurance (RSA) £150,000, as well as two of the UK’s top charities.

Ironically, the ICO was also forced to investigate itself  for failing to meet British data protection laws in a number of cases over the last four years.

Quiz: Are you a privacy expert?