What is GCP's approach to data residency and compliance?
Answer
GCP provides multiple tools for data sovereignty and compliance:
Data residency: specify regions when creating resources to control where data is stored.
Organization Policies: restrict resource creation to approved regions organization-wide with the constraints/gcp.resourceLocations constraint.
VPC Service Controls: create security perimeters around GCP services to prevent data exfiltration; even malicious insiders or compromised APIs cannot move data out of the perimeter.
Access Transparency: near-real-time logs of actions Google personnel take on customer data.
Assured Workloads: deploy in compliance-controlled environments (FedRAMP, ITAR, CMMC, EU data boundary).
Data Loss Prevention (DLP): automatically discover, classify, and de-identify sensitive data (PII, PCI, PHI) across Cloud Storage and BigQuery.
Certificate Authority Service: manage internal PKI.
GCP supports GDPR, HIPAA, ISO 27001, SOC 1/2/3, and many other certifications.