The following privacy principles are relevant to the conduct of data controllers that place their data into the cloud, and apply to many jurisdictions around the world.
An illustrative list of Google Cloud's capabilities to help data controllers comply with Common Privacy Principles
Data Minimization
Data Discovery
Google Cloud's Data Loss Prevention (DLP) helps you discover and classify data at scale. Data such as payment card numbers, national identification numbers, protected health information, and other types of PII can be identified and tagged.
Once PII is discovered, DLP allows customers to minimize its processing through de-identification (e.g. tokenization) or automatic purging of unneeded data.
Data Management
PII discovered with DLP can be tagged and published in enterprise-wide monitoring such as Security Command Center, Data Catalog, Cloud Monitoring, etc.
Integrity and Confidentiality (some examples, for a full list see Security Products)
User Access Management
The Google Admin Console provides for centralized user administration and security reporting, which makes setup and management very efficient.
Cloud Identity and Access Management (IAM) can be used to assign roles and permissions to administrative groups, incorporating principles of least privilege and separation of duties.
Learn how to add Cloud Identity to your Google Workspace Account.
Secure Processing
Confidential Virtual Machines and GKE nodes enable you to encrypt data in use, while it is being processed.
Transparency
Maintain visibility of insider access to your data through near real-time logs from Access Transparency.
Encryption
Google Cloud supports both Customer-Supplied and Customer-Managed encryption keys.
Storage Limitation
Data Retention Monitoring
Data Catalog offers a programmatic, scalable mechanism to associate data with meaningful tags. Tagged data can be collected in a dashboard to help a Controller’s retention team identify when records are approaching retention thresholds and need to be purged.
Data Residency
Maintain control over data residency requirements through Cloud's data regions.
Purpose Limitation
Cloud Identity and Access Management (IAM) can be used for multiple types of identities (Employees, Partners, Workloads and End Users) to restrict access to roles more aligned with the dataset’s purpose.
IAM Recommender can help to define custom roles for more granular access control.
VPC Service Controls enforces policies to isolate services and enable context-aware access, which can take into account the user’s identity and location before allowing access.