What is the GDPR ISO 27018?

What is ISO 27018? Its full title is ISO/IEC 27018, code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, and it focuses on protecting personal data in the cloud. Find out how ISO 27018 can help you comply with GDPR here.

The General Data Protection Regulation (GDPR) is a European Union (EU) law governing the processing of personal data across the EU. Personal data is any information about identifiable, living people (known as data subjects). It is an extraterritorial law, meaning it applies both within the EU and outside it to organisations that wish to provide goods or services into the EU.

ISO 27018 stands for ISO/IEC 27018 information technology – code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. It is all about how to protect personally identifiable information that is stored in the public cloud. The standard provides a compliance framework and seeks to protect personal data from unauthorised use. ISO 27018 builds on existing security standards such as ISO 27001 and ISO 27002, which set out more general security principles. ISO 27018, however, is a highly specific set of principles seeking to address cloud-specific security.

What is the ISO/IEC?

The International Organisation for Standardisation (ISO) is an independent international organisation. It has 161 national standards bodies as members. Members share knowledge and develop voluntary standards for many industries such as technology, food safety and healthcare. The ISO/IEC is a joint technical committee between the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). It was formed as a merger in 1987 to develop baseline standards in the IT industry for other committees to build on. The ISO/IEC was responsible for forming ISO 27018.

