Microsoft Dynamics CRM Online conforms to ISO/IEC 27018, the only international set of privacy controls in the cloud

Microsoft is the first major cloud provider to be independently verified as having  adopted ISO/IEC 27018, the world's first international cloud privacy standard. The adoption of ISO/IEC 27018 by Dynamics CRM Online is part of a broader commitment from Microsoft to protecting the privacy of our customers, as described in a Microsoft on the Issues post from Brad Smith, General Counsel and Executive Vice President. In addition to Microsoft Azure, Office 365 and Microsoft Intune have adopted ISO/IEC 27018."