ISO/IEC 27018 – what is it?
2026-04-24
De Novo Cloud Expert
ISO/IEC 27018 is a code of practice for the protection of personal data in cloud environments: it extends the ISO/IEC 27002 controls with guidance and additional controls for public cloud providers that process personally identifiable information (PII) on behalf of their customers, i.e. that act as PII processors. The standard covers purpose limitation of processing, transparency about how PII is used and where it is stored (including the countries in which PII may be held), access control, encryption of PII, and notification of security incidents involving PII. It also stipulates that a provider must not process customers' PII for its own purposes, such as marketing or advertising, without the customer's express consent, which is a key requirement for maintaining data privacy.
In practical application, DSTU ISO/IEC 27018 is the Ukrainian national adoption of the standard and is used by organizations handling personal data in Ukraine. Implementation starts by establishing the roles of the parties: the cloud customer remains the PII controller, the provider acts as the PII processor, and the contract must spell out what the processor may and may not do with the data. On that basis the provider documents access procedures, logs and audits operations on PII, and implements the technical and organizational security measures the standard calls for. Two caveats matter in practice. First, ISO/IEC 27018 is not certified on its own: it is audited as an extension of an ISO/IEC 27001 information security management system, so a provider's 27018 claim should be backed by a 27001 certificate whose scope covers the relevant cloud services. Second, alignment with ISO/IEC 27018 supports, but does not by itself establish, compliance with legal privacy requirements such as the GDPR; it provides evidence of the processor-side safeguards that a data protection assessment would otherwise have to verify directly. Within those limits, adherence to the standard is valuable for cloud providers and for organizations that process personal data through them, and it increases customer trust in the service.