Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Getting a proper consent for potential commercial utilization purposes of customer-owned data


Personal data processed under a contract, e.g. when offering a cloud service for a customer, are not to be used for marketing or advertising purposes without a clear consent from the customer that controls the data.

This consent can’t be e.g. demanded as a prerequisite for being able to utilize the offered cloud service.

This requirement is in line with general personal data processing requirements, where all personal data processing must have a clear legal basis. Potential processing must be documented normally.

Connected other frameworks and requirements:
A.3.2: Public cloud PII processor's commercial use
ISO 27018
No items found.