ISO 27018 PII
ISO 27018 PII cloud protection GDPR Article 28.
Definition
ISO 27018 covers controls: consent and choice, purpose legitimacy, data minimization, use limitation, individual access, accountability, transparency, data breach notification. Compatible with GDPR processor obligations and CCPA processor compliance. Adopted by all cloud hyperscalers (AWS, Azure, GCP, OVHcloud, IBM Cloud).
Origin
ISO/IEC JTC 1/SC 27, ISO/IEC 27018 published August 2014, revision 2019, 2022.
Usage
Often required by EU and US enterprise customers for GDPR data processor compliance.