Google Cloud Security Specialist: No GDPR Compliance Problems

Google Cloud hasn’t experienced any major compliance issues since the European Union’s General Data Protection Regulation (GDPR) went into effect last year and isn’t concerned about the similar regulations that are sure to follow, according to James Snow, CE specialist for security and compliance at the company.

“For Google, believe it or not, [GDPR] was not really that big a deal — especially for Google Cloud,” he said March 6 during a Google Cloud Security Talks online conference. After all, he explained: “This is an evolution of regulation. This wasn’t a revolution [although] it required some additional controls.”

GDPR “actually helped us” because there’s now just one set of rules to meet instead of multiple ones for each country in Europe, he noted, adding: “This has actually made it easier to do business. We have single contracts. We have a single set of rules. And the great thing about doing business in Europe is either you meet the rule, or you don’t. There’s not a whole lot of wiggle room.”

Summing up the impact that GDPR has had on Google Cloud so far, he said: “Everything is still going alright. No large investigations. No big claims against us or any of our enterprise customers as part of our enterprise business.”

Meanwhile, Snow is getting a lot of questions about the upcoming California Consumer Privacy Act that’s expected to go into effect in 2020, he told listeners. “We’re evaluating” that law, but Google Cloud is “not terribly concerned” about it because the company already meets the tough requirements of GDPR and “we protect all user data at the same level,” he said, predicting it will be akin to nothing more than “maybe a potential contractual formality.”

During the Q&A, he noted Google Cloud was already compliant with the new data protection law in Brazil, where it has a data center. “We didn’t have to make any engineering changes” to be compliant with that law, he noted.

He predicted there will be more similar laws, noting Vietnam just passed one, Canada is making changes to its rules and there’s even discussions about a federal U.S. law.

There’s an “ever-evolving threat” when it comes to security and compliance that Google Cloud is prepared for, he said, noting the company has made a $30.9 billion in network investments over the past three years.

Earlier in the presentation, he pointed out his company’s “making a big push into regulated industry,” which he said has “very specific requirements.” Because of those requirements, “we want to partner with you and our customers” on the initiative, he said. Considerations that Google Cloud must consider include understanding “what sort of data … you’re going to be putting on our platform,” as well as what regional regulatory requirements there are, he noted. The company will provide regulatory oversight, so if a regulator needs to audit Google that will be possible, he said, adding: “We’re doing this in financial services, healthcare and government.”