What’s changing
A big threat organizations must prepare for is the risk of data exfiltration through unwanted and/or unauthorized means. Whether it’s small-scale, unintended sharing, or a larger breach scenario, organizations need powerful defenses to protect themselves from these risks. To that end, we’re pleased to announce that today Data Loss Prevention (DLP) is generally available in Gmail, alongside Drive and Chat.
DLP is one of the most powerful ways organizations can protect themselves from these risks. With DLP capabilities in Gmail, organizations can identify, monitor, and control the sharing of sensitive data. It works through a series of easy to apply data protection rules that can be implemented to instantly detect sensitive content in outgoing messages, including body content, attachments, headers, and subject lines.
.png)
Additional details
How does DLP in Gmail compare to Content Compliance rules?
To prevent the exfiltration of sensitive data from Gmail, data protection rules with DLP are recommended. These rules offer a rich set of predefined detectors and the ability to build flexible conditions.
Additionally, organizations can tailor warning messages based on their organization's data governance requirements, terminology, and processes; these messages will help educate users on their organization's specific security and data protection policies to prevent sharing sensitive content.
Other features, such as content compliance, can still be used for different purposes, like evaluating inbound messages and routing them internally to relevant departments.
For more information, please refer to our initial open beta announcement.
DLP within the Google Workspace ecosystem
As part of Google Workspace ecosystem, DLP for Gmail comes with capabilities available across other applications, such as Drive and Chat, so admins can configure, implement and investigate Data Loss Prevention incidents using unified tools, such as Security Investigation Tool, or build custom dashboards using unified audit logs or export to BigQuery.
Taken together, DLP capabilities across Workspace provide powerful protections for organizations to reduce the risk of data breaches, comply with regulatory requirements, and protect their reputation and intellectual property.
Getting started
- Admins:
- Data loss prevention rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Visit the Help Center to learn more about controlling sensitive data shared in Gmail. Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail.
- DLP events can be reviewed in the Security Investigation Tool or Security > Alert Center, if alerts are configured in rules.
- With DLP for Gmail, data protection rules can be scanned synchronously or asynchronously. Visit our Help Center for more information.
- For new rules, we recommend starting with “Audit only” mode. This allows you to thoroughly test and monitor the rule's performance and ensure it correctly identifies the intended data without interrupting email flow for users. Once you've validated the rule's behavior and are confident in its accuracy, you can then implement actions such as blocking or warning users as needed.
- End users: Depending on your admin configuration, you’ll be notified if your message contains information that violates DLP rules.
Rollout pace
- Rapid Release and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on February 18, 2025
Availability
Available to Google Workspace:
- Enterprise Standard, Enterprise Plus
- Education Fundamentals, Standard, Plus, and the Teaching & Learning add-on
- Frontline Standard
- Cloud Identity Premium customers
Resources
- Google Workspace Admin Help: Gmail DLP & automatic classification labels
- Google Workspace Admin Help: Protect sensitive information using DLP
- Google Workspace Admin Help: How does DLP interact with other email rules?
- Workspace Updates Blog: Beta update: Data Loss Prevention enforcement in Gmail is now instantaneous
- Workspace Updates Blog: Workspace Data Protection rules are now available for Gmail in Beta