Security measures for the storage of personal data in a cloud computing environment
If an organisation intends to store personal data in a cloud, it is important to consider appropriate technical and organisational measures for this processing.
Data protection does not require companies and organisations to comply with a certain standard on information security. However, an international standard such as ISO 27001 can be a good tool to establish a framework for working with information security and therefore personal data protection. The Data Protection Act/the Data Protection Regulation provides that risks should be reduced through appropriate technical and organisational measures. The majority of these measures are specified in the above-mentioned standard.
Another standard, ISO 27701, is an extension of ISO 27001. That is, the requirements that specify information security also include personal data protection where the processing of personal data may be relevant.