Getting ready for Europe’s new data protection rules
Next May, Europe’s new General Data Protection Regulation (GDPR) comes into force, replacing the 1995 EU Data Protection Directive. It ushers in a new era, unifying data protection rules across Europe, strengthening the rights of EU citizens and placing new obligations on all organisations that offer goods and services online.
Google is committed to complying with the GDPR across all of the services that we provide in Europe. That includes our most popular consumer products like Search and Gmail, all of our advertising and measurement services like AdWords, AdSense, DoubleClick and Analytics, our Cloud services as previously announced, as well as, of course, any services we launch in the future.
We’ve always worked hard to demonstrate that our services are secure and meet the standards of applicable data protection rules. We offer transparency to users through clear explanations of how we use personal data and our “Why This Ad” program, while giving people controls to manage their privacy through My Account and My Activity.
But we’re also keenly aware that our customers and partners have significant obligations under these new laws, and so we conduct regular audits, maintain certifications, provide industry-standard contractual protections and share tools and information to help them with their compliance. As we get ready for the GDPR, we’ll continue on that path, and have recently launched a new site for our customers and partners that explains:
the control that businesses have over the data they share with us;
the security of our infrastructure;
our commitment to complying with applicable data protection laws; and
the freely available resources and training we provide to help businesses get the most from their data.
In the coming months we will make available updated contractual commitments that meet GDPR requirements for our customers and partners. And we will continue to evolve our privacy protections and practices to meet the GDPR’s requirements.Our aim is always to keep data private and safe – and to put our users and partners in control.