Personal data and cloud computing: the “cloud” now has a standard
by Luca Bolognini

In August 2014 the International Organization for Standardization (ISO) published ISO 27018, a standard developed specifically for providers of cloud computing services. ISO 27018 is the first and only standard of its kind in the world: a set of rules built on the ISO 27001 and 27002 standards to ensure that public cloud providers comply with the principles and rules established in Directive 95/46/EC. The stated goal of this standard is to serve as a practical privacy-by-design answer to key legal and contractual issues related to the management of personal data in distributed IT infrastructures that follow the public cloud model. Before analysing its main characteristics, a brief discussion of ISO 27018’s predecessors, the ISO 27001 and 27002 standards, is necessary, because ISO 27018 is a lex specialis derived from the principles and procedures set out in those standards. [See the attachment for the full article]
