Who runs Google Drive on Google

Using Google services in your company in compliance with data protection regulations

Over the years, Google has produced a variety of cloud services. Their spectrum is broad, ranging from e-mail services to cloud storage and full-fledged office solutions. Most of the services are considered to be powerful and mature, which is why they are very popular.
More and more companies are getting enthusiastic about Google services and are integrating them into their processes and systems.

Don't fall into the data protection trap

As practical and reliable as the apps, programs and SaaS solutions from Google may be, many companies violate applicable data protection regulations by using them. Such GDPR violations often happen unknowingly because data protection aspects have not been taken into account.

If you notice a data protection violation, you may be obliged to report it, depending on the situation. In addition, there is a risk that violations of the GDPR will be detected and reported by outside parties. If the responsible data protection authority takes action, this can result in considerable costs (e.g. fines).

The most popular Google services at a glance

  • Google Docs, Sheets, Slides and Forms (Office solution)
  • Google Duo (video calls)
  • Google Drive (file storage)
  • Google Calendar
  • Gmail (email solution)
  • Google notes

Stumbling blocks in data protection: commissioned data processing & transfers to third countries

Whether with Google or other cloud service providers, the typical risks are mostly the same. First of all, there is the question of whether the use is permissible: a check is necessary to determine whether there is a legitimate interest in the planned processing of personal data. If not, processing the data (e.g. in the form of storage or transmission) would not be legally permissible.

One of the most common stumbling blocks in connection with the use of Google services is the transmission of data to Google. The group operates its own data centers around the world, although data is preferably stored on servers in the USA. There is therefore a risk of data being transferred to the USA and thus to a third country. Such a transfer is only permitted if the data is protected through targeted measures.

Another aspect is commissioned data processing. Even if only storage of the data (e.g. via Google Drive) is planned, this constitutes commissioned data processing. As a result, a contract must be concluded with the processor, i.e. Google.

How to use Google Services in compliance with data protection regulations

Before you use Google services, take a close look at them. Check how the group handles the transmitted data. Depending on the situation, a data protection impact assessment can be advisable in order to identify and assess risks and derive suitable solutions.

In most cases, the simplest and safest solution is likely to be using Google services in conjunction with a suitable plan. Many of Google's services are aimed at consumers and businesses alike. But from a company's point of view, the services offered free of charge to consumers cannot always be used in compliance with data protection regulations.

Numerous services are available as part of Google Workspace (for a fee). Compared to the free solution, the services are often expanded and promise compliance with the GDPR, e.g. through the exclusive transmission of data to servers located within the EU. In addition, other tools are often available, for example for compliant email archiving. Billing within these plans is usually based on the number of employees or Google accounts.


The unchecked use of Google services is associated with considerable data protection risks. Fortunately, many tools and services can be used in a GDPR-compliant manner, especially if an appropriate plan is selected. If you have any questions or other concerns about corporate data protection, please do not hesitate to contact us. Take advantage of our free initial consultation.