We are pleased to have a guest blog this time from Robert Barker, the owner of Quest Graphics, based in the beautiful market town of Heathfield, East Sussex.
He has something REALLY important to share...
GDPR, SSL, Google and your website
In light of the upcoming GDPR requirements, this hopefully explains in not too many words how it affects websites, and what you may need to do to be compliant.
GDPR (shiver...)
How does GDPR affect my website?
1. Sites need to display a Privacy Policy, an example of which can be seen on our site here. The General Data Protection Regulations require a statement of how and why any personal data is collected, and also how it is used, stored, and disposed of.
2. Cookies. If your site uses cookies (and almost ALL sites do - for instance for Google Analytics), you need to inform visitors, request their permission to use them, and offer the option to visit your site with cookies turned off. You may have seen this in action at the foot of the screen when you clicked the link above in 1, unless you have recently visited our site and already accepted cookies.
3. Sites must have a secure connection to the internet, to protect personal information entered and transmitted. An SSL certificate secures your website’s connection and also may boost its rankings in Google.
4. All email newsletter signup forms will need an unticked checkbox for people to tick themselves to agree to receive the newsletter, with explanatory text along the lines of 'I agree to my personal data being stored and used to receive the newsletter'.
How does GDPR affect my email?
There is a requirement for email communication to be secure. All major email providers (Microsoft, Google, Apple Mail, Hotmail...) use HTTPS end-to-end encryption. This means the email cannot be read at any of the waystations it passes through on its journey from sender to recipient. However, if sent to the wrong recipient it can be read by them.
Fully secure email would require a decryption key to be used by the recipient, which is time-consuming, inefficient and largely impracticable. This functionality has been available for many years but the uptake is very small. The best solution is simply not to email personally identifiable information, or to send it in encrypted zip files and then separately supply the key to the recipient. The key here may be “appropriateness”. How big is the risk and what actions do you take to mitigate it?
SSL Certificates
Essentially, SSL establishes an encrypted link between your web server and your visitor's web browser. This ensures that all data passed between the two remains private and secure. A secure site, when viewed in a browser, has a green or grey padlock by the domain name, and sometimes the word 'Secure' also in green or grey, depending on the browser. The domain address starts with https, not http. Clicking the padlock reveals more information, shown in the screengrab above.
Sites that use SSL certificates get a boost in the search engine results pages. Google is also now flagging non-secure http pages that collect passwords or credit card details as insecure. Google eventually plans to expand this feature to treat all HTTP pages like this. The extra cost of SSL hosting is very small and the benefits include trust in your site and GDPR compliance.
Robert Barker
01435 868911