Certification Context

ISO/IEC 27018 provides guidelines for implementing privacy controls for public cloud service providers processing personal data.

Within this framework, ACTAINFO aligns its cloud systems with:

• protection of personal data in cloud environments
• GDPR-aligned privacy principles
• transparency in data processing activities
• controlled access to sensitive information

Privacy Governance Model

The privacy framework applies across cloud-based systems, including:

• SaaS platforms
• digital services for public administration
• data storage and processing infrastructures
• integrated cloud applications

All systems are managed under a privacy-by-design and privacy-by-default approach.

Core Privacy Controls

Key control areas include:

• processing limitations for personal data
• strict access control mechanisms
• data minimization principles
• secure storage and transmission of PII
• controlled data lifecycle management

These controls ensure that personal data is handled in a structured and compliant manner.

Data Protection & GDPR Alignment

ISO/IEC 27018 operates in synergy with:

• GDPR regulatory requirements
• ISO/IEC 27001 information security framework
• ISO/IEC 27017 cloud security controls

This creates a multi-layer compliance architecture covering security, cloud operations, and privacy.

Transparency & Accountability

The framework emphasizes:

• clear definition of data processing responsibilities
• traceability of operations on personal data
• auditable privacy controls
• accountability in cloud service operations

The objective is to ensure verifiable compliance in regulated environments.