The GDPR requires Google to maintain records of certain information, including the contact details of your EU representative (if your organization is not established in the EU) and Data Protection Officer (DPO), where applicable.
School Admin users needs to:
1- Sign in to the Google Admin console.
2- Go to Company profile > Profile.
3- Click Profile
4- Scroll down to the Security and Privacy Additional Terms section
5- Review and accept the Data processing Amendment and EU Model Contract Clauses as screenshot- and Opt in to DPA version 2.0.
6- Click Show more to see Legal & compliance.
7- In the Legal & compliance section, enter details for your EU representative and DPO as needed- as screenshot
8- Click Save.
What is a data controller? What is a data processor?
A data controller determines the purposes and means of processing of personal data. A data processor processes personal data on behalf of a data controller. G Suite customers will typically act as the data controller for any personal data they provide to Google in connection with their use of G Suite. Google is a data processor and processes personal data on behalf of the data controller when the data controller is using G Suite.
What are my obligations as a customer and data controller?
Data controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers' obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects' rights with respect to their data. You can find guidance related to your responsibilities under the GDPR by regularly checking the website of your national or lead data-protection authority under the GDPR (as applicable), as well as by reviewing publications by data-privacy associations, such as the International Association of Privacy Professionals (IAPP). You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation.
What is a Data Protection Officer or DPO?
A Data Protection Officer (DPO) is the person designated, where applicable, to facilitate compliance with the provisions of the GDPR. The GDPR defines the criteria and the conditions under which a DPO must be designated.
What is a Customer EU Representative?
A Customer EU Representative is the person designated, where applicable, to represent customers not established in the EU with regard to their obligations under the GDPR.