Is Gmail GDPR Compliant?
Gmail privacy and compliance overview. Last scanned: 1 months ago.
Gmail scored 76/100 (grade C), with 4 passing signal(s) and 3 area(s) needing attention. Top area to address: Privacy policy found but may be incomplete or outdated. This is an automated technical assessment, not a legal compliance certification.
76/100
Privacy and compliance score
Scanned May 22, 2026 in fetch mode.
CCPA / CPRA disclosures
0/8No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance.
Privacy policy
6/10Privacy policy found but may be incomplete or outdated.
DPA and sub-processor list
3/7Sub-processor list found, but no DPA reference detected.
Cookie consent banner
12/12No tracking detected: consent banner not required.
Accessibility (WCAG 2.x AA)
7/15Accessibility scan unavailable in fetch mode.
COPPA signal
5/5No COPPA language detected.
Pre-consent tracking
23/23No third-party trackers detected before consent.
Security headers
10/10All four security headers present.
AI training stance
5/5AI training opt-out disclosure found in privacy policy.
Hosting region disclosure
5/5Data hosting region disclosed in privacy policy.
Does Gmail self-report SOC 2, HIPAA, or PCI compliance?
The following is based on Gmail's public documentation. ComplianceCheckup has not independently audited these claims.
Frequently asked questions about Gmail compliance
Is Gmail GDPR compliant?
Gmail received a privacy grade of C (76/100) in our automated scan. No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. For a complete GDPR assessment, consult a qualified privacy professional.
Does Gmail offer a Data Processing Agreement (DPA)?
Yes. Gmail provides a DPA linked in the Legal documents section above. Review it carefully and sign before transferring personal data.
Is Gmail SOC 2 certified?
Gmail holds a SOC 2 Type II certification.
Does Gmail have a HIPAA Business Associate Agreement?
Yes. Gmail publicly offers a HIPAA BAA. Check their legal or trust center page for the current BAA template.
What are Gmail's biggest privacy risks?
Based on our automated scan, the top areas of concern are: CCPA / CPRA disclosures, Privacy policy, DPA and sub-processor list. No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. These findings are automated and may not capture all risks.
How does Gmail handle CCPA?
No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. CCPA requires businesses handling California residents' data to disclose data practices, honor opt-out requests, and support the Global Privacy Control (GPC) signal. Our scan checks for GPC support and CCPA-relevant cookie disclosures.
Not legal advice. The scan grade is an automated technical assessment and does not constitute legal or compliance advice. Self-reported claims have not been independently verified. Results may contain false positives or miss issues that cannot be detected programmatically. Consult a qualified attorney or compliance professional for your specific situation.