Sign in to the Google Admin console.

From the Admin console Home page, go to "Apps" and then "Google Workspace" and "Gmail."

Select "Compliance" and then "Content compliance."

Click on "Add another rule" to create a new content compliance rule.

In the new rule setup, specify conditions:

For "Email messages to affect," choose "Outbound" and "Internal - sending."

Under "Add expressions," select "If ANY of the following match the message" and choose

"Predefined content match," then select "Credit Card Numbers."

In the "Actions" section, select "Add more recipients" and specify the custom header your encryption

provider uses.

Save the rule.

This ensures that emails containing credit card numbers are flagged and encrypted by your third-

party encryption provider, fulfilling the security requirements set by your cyber security team.

Reference:

Google Workspace Admin Help - Set up rules for content compliance