Personal data protection in GDPR: integrity, confidentiality, and Actalis solutions
IT SecurityGDPR: a cornerstone in the protection of personal data Regulation (EU) 2016/679 (GDPR) establishes the foundations of personal data protection already in Article 5, which sets out the general principles of processing, including integrity and confidentiality, aimed at ensuring data security. In fact, Article 5(1)(f) explicitly states: “Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).” This principle finds concrete application in Article 32, “security of processing”, which requires controllers, including Certification Authorities, and processors to implement technical and organizational measures appropriate to the risk, to ensure the confidentiality, integrity, availability, and resilience of the data being processed.
From HTTPS to machine trust: the rise of mTLS client certificates
IT SecurityIn recent years, we have seen something interesting happen: the digital certificate, which many associated only with HTTPS, is becoming increasingly central in modern architectures. This is because it is undeniable that machines communicate more than humans do. And when they communicate with each other—via APIs, microservices, cloud integrations, or exchanges between trusted platforms—the question is no longer just “is the channel encrypted?”, but above all: who is making the call? what is its identity? This is where mutual TLS, or mTLS, comes into play. In “standard” TLS, the server presents its certificate, and the client trusts it (if everything checks out). With mTLS, an additional step is introduced: the client also authenticates itself using an X.509 certificate. So both parties prove their cryptographic identity. The result? We are no longer just protecting a communication—we are building a verifiable trust relationship.
Client Authentication in public SSL certificates: what changes from 2026 and which solutions to adopt
SSL CommunicationsStarting from April 15, 2026, new rules issued by the Google Chrome Root Program will come into effect, impacting the use of Client Authentication (clientAuth) in public SSL/TLS certificates.Specifically, server SSL certificates will no longer be allowed to include the EKU dedicated to client authentication, an essential element in mTLS (mutual TLS) contexts and in machine-to-machine communications. Traditional web browsing will not be affected, but for some application integrations it will be necessary to evaluate suitable alternatives. In this article, we analyze the context, the reasons behind the change, and the solutions available through Actalis to ensure continuity and compliance.
Actalis SSL certificates for IP addresses: practical, compliant, ready to use
IT SecurityIf your infrastructure doesn’t use DNS, an SSL certificate for an IP address can be the ideal way to enable HTTPS and verify server identity. Actalis now offers this capability as part of its Organisation Validated (OV) SSL certificate range.
Free and unlimited DV certificates: Actalis becomes Europe’s reference point for ACME-based web security
SSL CommunicationsA safer, more accessible digital ecosystem for everyone: that’s the vision behind Actalis’s new initiative. As part of the Aruba Group, Actalis now offers free and unlimited Domain Validated (DV) SSL certificates, available through the ACME (Automatic Certificate Management Environment) protocol. This move puts Actalis on par with global leaders in automated certificate issuance – while standing apart through its guarantee of full European governance, transparency and regulatory compliance.