New data protection rules, known as the GDPR, come into force in May 2018 and will have huge implications for companies that store or use customers’ personal or contact details.

With just three months left before the GDPR starts, it’s time to start thinking about the changes your business needs to make.

If you’re one of the three million businesses using GSuite to manage employee emails and files, there are a couple of important factors you need to consider to ensure that your company is GDPR compliant. Read on to discover what these are, and the steps you need to take.

 

Data processing

GDPR rules affect businesses that are based in, or trade within, the European Union. If your business was established in the EU, or you offer goods and services within the UK, the data processing terms within your contract with Google need to be updated. If you don’t accept the updated terms, known as DPA 2.0, your business will not be fully GDPR compliant, which may result in legal action or hefty fines being imposed.

 

Accepting new data processing terms

To accept Google’s updated DPA 2.0 terms, you need to:

1) Log into your organisation’s GSuite admin console


2) Go into Account Settings via the menu, and choose 'Company Profile'

3) Select ‘Profile’ and scroll down to ‘Security and Privacy Additional Terms’


4) Review the DPA 2.0 terms


5) Click ‘Review and Accept’


6) Click ‘I Accept’

Data Protection Officers

If your organisation carries out certain activities, the terms of the GDPR state that you must appoint a ‘Data Protection Officer’ (DPO).


Your organisation needs to appoint a DPO if:

  • It is a public authority
  • It carries out widespread monitoring of individuals (such as online behaviour tracking)
  • It processes certain categories of data, such as data relating to criminal convictions

It’s worth getting expert advice to find out if you need to appoint a DPO. If your organisation does appoint a DPO, their details must be given to Google. Follow the steps below to do this.

Entering your DPO’s details

To enter contact details for your DPO:

1) Log into your organisation’s GSuite admin console

2) Go into Account Settings via the menu, and choose ‘Company Profile’

3) Click ‘Show More’, and head into the ‘Legal & Compliance’ section

4) In the section titled ‘Your data protection officer details’, enter the contact information requested

 


 

5) Click 'Save'

Although the GDPR still seems a long time away, it’s worth taking these steps now to make sure your company is completely prepared and compliant before the 25th May.