FREQUENTLY ASKED QUESTIONS « WHAT IS THE GDPR? » The General Data Protection Regulation is a new EU privacy legislation that will replace the 95/46/EC Directive on Data Protection of 24 October 1995. « WHEN WILL THE GDPR The GDPR will be directly applicable in all European Union TAKE EFFECT? » Member States starting from 25 May 2018. « DOES THE GDPR REQUIRE No. Like the 95/46/EC Directive on Data Protection, the GDPR STORAGE OF PERSONAL DATA sets forth certain conditions for the transfer of personal data IN THE EU? » outside the EU. Such conditions can be met via mechanisms such as model contract clauses. « WILL THE GDPR GIVE Under the GDPR, audit rights must be granted to data CUSTOMERS THE RIGHT TO controllers in their contracts with data processors. The AUDIT GOOGLE CLOUD? » updated data processing agreements we will offer from 25 May 2018, when the GDPR comes into force, therefore include audit rights for the benefit of our customers. « WHAT ROLE DO THIRD-PARTY Our third-party ISO certifications and SOC 2/3 audit reports ISO 27001, ISO 27017, ISO can be used by customers to help conduct their risk 27018, AND SOC 2/3 REPORTS PLAY IN COMPLIANCE assessments and help them determine whether appropriate WITH THE GDPR? » technical and organisational measures are in place. « WHAT OTHER INFORMATION Refer to Google’s Businesses and Data website. HAS GOOGLE PROVIDED ON THE GDPR? » PAGE 10 © Copyright 2018 Google Cloud