Digital data sovereignty and how it works | Google Workspace
In today's global economy, organisations frequently need to transfer data across different countries and regions to facilitate collaboration among employees and partners. This process is made possible through the use of cloud services, which provide a secure and reliable platform for processing and storing data. One key aspect of this is digital data sovereignty, which involves ensuring sensitive information is protected while allowing organisations to have control over where their data is stored and processed. This helps ensure compliance with the laws and regulations of the country of origin, restrict access to authorized parties, and ensure data portability and survivability in case of emergencies.
Regulatory compliance
One way to meet regulatory requirements is by using a cloud service that is compliant with industry certifications. This allows organisations to stay ahead of evolving regulations worldwide. Advanced data residency controls and industry certifications enable a proactive approach to compliance.
Privacy from third parties
To prevent unauthorized access to sensitive data, it is essential to have technical controls in place to ensure privacy from third parties. By implementing attestable controls, organisations can prevent cloud provider employees or foreign government agencies from accessing their confidential information.
Granular data controls
Organisations can determine the regions where their data is processed and stored, control access to the data, and implement encryption and zero-trust controls. This allows for a high level of control over data access and ensures compliance with data protection regulations.
Google Workspace operates on a secure-by-design infrastructure provided by Google. It includes advanced AI-powered threat defenses and data loss prevention controls to offer a secure foundation for organisations of all sizes. Organizations can choose where their data is stored and processed, such as the EU or the US, and store data copies in their preferred countries with local data storage options.
Client-side encryption (CSE) adds an additional layer of data privacy and protection, preventing Google and foreign governments from accessing confidential data. By meeting demanding regulatory requirements and certifications such as SOC 1/2/3, ISO 27701 and 27001, organisations can ensure compliance with standards like GDPR, HIPAA, FedRAMP High, DoD IL4, and more.
Google's commitment to data privacy is evident in Gemini for Workspace, which does not use organizational data, prompts, or responses for training purposes. Organizational data is not utilized for advertising and can be deleted or exported at any time.
Google Workspace offers capabilities such as data regions and client-side encryption to help customers meet their digital sovereignty needs. Data regions allow customers to store and process data in their preferred regions, while local data storage enables data to be stored in specific countries to comply with evolving regulations or client requirements. With client-side encryption, organizations can control encryption keys outside of Google and select the key hosting location to meet regional compliance requirements.
Access controls within Google Workspace enable organizations to limit the regions from which Google employees can access customer data for support. Customizable rules ensure that Google support staff require fine-grained approvals before accessing any data.
Digital sovereignty features like data regions and client-side encryption are available to customers with the Workspace Enterprise Plus license. Additional digital sovereignty controls can be accessed through the Assured Controls Plus add-on.
For more information on how Google protects organizational privacy and enhances privacy, confidentiality, and digital sovereignty controls, refer to the technical documentation.
Achieve digital sovereignty with Google Workspace.
