Posted by Marc Crandall, Head of Global Compliance, Google for Work
Nearly a decade ago, we launched Google Apps as an innovative new way for you to collaborate online. Since then, we’ve introduced security innovations like encryption by default, two-step verification, security keys and a security checkup to protect your data. These features underscore our commitment to data protection as outlined in our Google Apps data processing amendment.
Today, we’re furthering our commitment to protect your data by adding the new ISO/IEC 27018:2014 privacy standard to our compliance framework. The new standard provides guidance for cloud providers on protecting the personally identifiable information of their customers and their customers’ users.
Ernst & Young, an independent auditor, has verified that our privacy practices and contractual commitments for Google Apps for Work and Google Apps for Education comply with ISO/IEC 27018:2014. For example:
- We do not use your data for advertising
- The data that you entrust with us remains yours
- We provide you with tools to delete and export your data
- We protect your information from third-party requests
- We are transparent about where your data is stored
We continuously work with independent auditors to verify our data protection commitments. For example, over the years we’ve completed third-party SOC2 / SOC3 security audits and achieved ISO 27001 certification to provide transparency and accountability around our security procedures.
The 27018 audit also validates that our Google Apps data protection commitments meet a rigorous international privacy and data protection standard. We think that this is a great step forward for both our customers and for the industry. While laws and regulations vary from country to country, the principles set forth in the standard are widely recognized.