Category Archives: ISO 27018

The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round-up of other recent developments in Europe and Asia. With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
  • EU policy and regulation including latest news from Brussels on the GDPR and NISD
  • News from the UK
  • News from Germany
  • News from Spain
  • News from Asia
  • GDPR and NISD: Commission President Juncker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
Last month, Korea passed the world's first cloud-specific law, with the stated aim of driving the adoption of cloud computing in Korea. But what are the practical implications for cloud customers and cloud services providers in Korea?
When does it come into force?
On 3 March 2015, the Korean National Assembly passed the Act on the Development of Cloud Computing and Protection of Users (Cloud Act). The bill has been under consideration since October 2013. The final version of the Cloud Act is available here (currently only available in Korean). The Cloud Act comes into force on 28th September this year. Before the Cloud Act comes into force, the Ministry of Science, ICT and Future Planning (Ministry) will establish additional rules for cloud services (as explained below).
What will it do?
The good news for cloud customers and cloud services providers alike is that the Cloud Act aims to promote the cloud market in Korea. The …
UK standards and benchmarks
Last year on this blog we reported on the newly-published ISO 27018 - the first global security standard for cloud services. Earlier this year, we compared ISO 27018 with Singapore’s data protection laws (and others) and showed that ISO 27018 will help cloud customers to comply with these laws when using public cloud services. This month, we blogged on the latest market developments and noted that ISO 27018 is becoming the “go to” standard to help cloud customers to comply with their privacy obligations when using public cloud services. Cloud customers, CSPs and regulators around the world are using (and benefiting from) this useful new standard. We expect this to continue as more companies (and more personal data) move to public cloud services. With thanks to Matthew Hunter, Olswang Associate in the Singapore office, for his contribution to this article.
Datonomy’s correspondents in Asia take an in-depth look at the new ISO 27018 and evaluate how it can help cloud customers meet the requirements of Singapore’s new Personal Data Protection Act. Back in September I blogged on the then newly-published ISO 27018, the first global security standard specifically applying to cloud services. In this recent post my colleague Daniel Jung and I take an in-depth look at how the new ISO measures up to Singapore’s new PDPA. The article will also be of wider interest to cloud customers and cloud providers as it considers the various ways a cloud provider can demonstrate compliance with the new standard. To read the post, please visit Datonomy’s sister blog Watching The Connectives at this link.