Hi, I'm a Google Workspace for Education administrator for a Swiss school located in Switzerland.
We don't yet have a legal advisor and we can't understand if we have to accept the following terms
1. Data Processing Amendment to Google Workspace and/or complementary product (e.g. Cloud Identity) agreement
2. Indicate that the EU data protection law applies to you
3. Google Workspace/Cloud Identity HIPAA business associate amendment
What happens if we accept?
What happens if we don't?
The email received from Google is not clear about it.
I understand it's very legal technical language, but maybe there's someone around who has already gone through this.
Thank you very much for your support.
It sounds like they are trying to determine if you need a data processing amendment or not and likewise for HIPAA (an american health act related to the privacy of patient health data). Point 2 they are trying to understand if EU processing clauses apply (like the SCCs which were updated in by the EU in June).
I'm not an expert in GCP, if you dont accept them I would expect it would roll back to their ISO (specifically ISO 27018) and SOC2 commitments - which are compliance standards not laws.
Specifically its legal language, would your school not have a policy on this kind of thing?
Thanks for the suggestion.
Basically we'll accept the first, while the second and third are not applicable to us.