Monthly Archives: March 2018
As your private data travels from your web server to your web browser, SSL is your protector.
When visiting a website, you want to feel confident that you can trust it with your data and that nothing will be exposed. But how can you be sure that a website is protected?
What is SSL?
If any part of your website contains, receives or transmits personal data, you will need to have an SSL certificate. Short for Secure Sockets Layer, SSL is the foundation of internet security, as it ensures the safety of sensitive information as it travels from your web browser to your web server.
When a customer enters their personal details on a website, such as their name, address and often their card details, they need to know that they are using a reliable site that won’t risk their security. Therefore, SSL certificates are put in place to offer privacy and security when completing these data transfers.
Google Launches HTTPS
In August 2014 Google introduced their “HTTPS Everywhere” initiative to help make internet security a top priority for everyone. When accessing Google services, such as Google Search, Gmail and Google Drive, HTTPS encryption is readily available. Google also provides resources for other websites to avoid and repair security breaches.
With this came the SSL Certificate. Websites that show commitment to making their website safe and enforce SSL security would be rewarded by ranking higher in Google Search results.
People often push SSL to the side, thinking that the extra costs are not worth it. However, making room in your budget for this extra cost will come with many benefits. You will find that more online users will be happy to browse and make transactions on your website. It may also help boost your online presence with higher rankings. And it can also represent your business as both genuine and trustworthy.
The implications of protecting data have never been more important, with GDPR, the new data protection regulation within Europe, set to come into force in May 2018. Demonstrating your commitment to protecting your customers’ data by installing an SSL certificate will help you to tick another box on your data audit as part of your GDPR preparation.
Making Your Website SSL Secure
Visitors will stay on websites that they trust for longer periods of time and are more likely to make transactions with you. When you see the green padlock in the web address bar, this indicates that the website is SSL certified. This is important because it tells you that any data you enter is protected as it travels to the web server.
This trust is very important with online shoppers and many people will leave your website if they cannot see any kind of mark or seal that represents security. Google have suggested the following tips for setting up your SSL certificate:
- Take time to research the different certificates available to find which suits your website best: single, multi-domain or wildcard certificate
- Make sure you can trust the source from which you obtain your SSL certificate
- Use certificates that come with 2048-bit keys
- Always allow search engines to index your website and stay clear of the noindex robots meta tag
- All your other domains should use protocol-relative URLs
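One way to check a page against the last two tips after moving to HTTPS, as an added example that is not from Google or from this site: it flags a noindex robots meta tag and any resource or form URL still hard-coded to plain `http://`. The tag list, the `audit` helper and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags whose URL attribute should not point at plain http:// on an HTTPS page
# (list chosen for this example, not exhaustive).
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "source": "src", "link": "href", "form": "action"}

class HttpsMigrationAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.noindex = False
        self.insecure = []            # (tag, url) hard-coded to http://
        self.protocol_relative = []   # (tag, url) starting with //, inherits the page's scheme

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # <meta name="robots" content="noindex"> (or "none") blocks indexing.
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            directives = {d.strip().lower() for d in a.get("content", "").split(",")}
            if directives & {"noindex", "none"}:
                self.noindex = True
        attr = URL_ATTRS.get(tag)
        url = a.get(attr, "").strip() if attr else ""
        if url.lower().startswith("http://"):
            self.insecure.append((tag, url))
        elif url.startswith("//"):
            self.protocol_relative.append((tag, url))

def audit(html):
    """Return the findings for one HTML document as a dict."""
    parser = HttpsMigrationAudit()
    parser.feed(html)
    parser.close()
    return {"noindex": parser.noindex, "insecure": parser.insecure,
            "protocol_relative": parser.protocol_relative}

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><head>
<meta name="robots" content="noindex, follow">
<link rel="stylesheet" href="https://www.example.com/site.css">
<script src="http://cdn.example.net/lib.js"></script>
</head><body>
<img src="//images.example.org/logo.png">
<form action="http://www.example.com/checkout"></form>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
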
Here at SEO it Right we offer fully supported SSL protected websites to ensure you and your customers are operating safely. Get in touch with our expert team on 0121 308 0219 to discuss building a new, secure website for your business, or installing an SSL certificate on your existing site.
Does the New GDPR regulation apply to me?
If you find yourself working with data protection on a day-to-day basis, this will be vital for you to catch up on.
The latest changes to the General Data Protection Regulation (GDPR) will take effect as of 25th May 2018. GDPR will cover the new changes concerning data protection within the EU and those who fail to comply may be fined.
Data is something that we all come across and use, whether we realise it or not, so carrying out an audit now and making sure you are compliant will save you time and money in the long run, plus it will show your customers how serious you are about protecting their information.
Making Your Website Compliant
The purpose of the GDPR is to ensure that personal data and sensitive personal data are processed securely and appropriately in the best interest of those it belongs to.
Opt in not opt out: If you have any form of opt-in form on your website to capture the data of people when they, for example, download or purchase from you, you will need to ensure that the contact preferences are set to ‘no’ as default or appear blank. If people want to be contacted by you, they will need to tick a box to give their consent to be contacted.
Consent: The consent that you ask for on your website needs to be separated out into the different types of consent you require – for example terms and conditions need to be separated from contact preferences.
Double opt in: To make sure that people have not opted in by accident it is best to firstly provide the tick boxes to allow them to sign up if they wish to be contacted and then email them with a confirmation link that they need to click on to verify that they do indeed want to be on your list.
One box does not tick all: Similarly, if you will be processing data in a different way you will need to specify different consent tick boxes. For example, contacting by phone, post or email or for passing data on to a third party. You will need to clearly name who the third party is.
Be transparent: You will need to let people know how and why you are collecting their data.
Withdrawal: You need to make it easy for people to withdraw their consent or change the ways in which they can be contacted or the frequency of communications.
Online payments: E-Commerce website owners need to be aware of any personal data that is collected before details are passed on to the payment gateway. You must therefore modify your site so that it only stores this data for a reasonable amount of time.
Where Do I Go from Here?
If you’re interested in taking further steps to ensure you are compliant with the latest in GDPR there are a few things you can do in the workplace.
Researching the full GDPR regulations to ensure you are confident on new changes is the first step. Then, take your knowledge and share it with others in your workplace so everyone is aware. As a team you should review all your data processing procedures regularly to ensure you are compliant.
We’ve scoured the internet to find some useful resources and checklists, so if you need any help implementing your own GDPR audit please get in touch on 0121 308 0219.