PII includes any piece of information that can identify a specific user. The more obvious examples include names and contact details or your mother’s maiden name. But ones people may not readily think of are medical records, IP addresses and banking statements.
Used with ISO/IEC 27001, ISO/IEC 27018 has been published to allow Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they don’t specifically give consent.