SSL, HTTPS, website security and SEO
Over the last couple of years, Google has pushed for websites to move to the HTTPS protocol and encrypt any data that they transmit. This began with higher ranking for websites running under HTTPS rather than HTTP. In January this year, the pressure was increased by marking any e-commerce or membership website as insecure if it did not encrypt its data using an SSL certificate. From this October, this month, any website that includes a form or search box will be marked as insecure in the web browser Chrome.
It is obvious why encrypting data like credit card information or login details is important. However, Google argues that any data your website transmits should now be encrypted. This data can include users filling in a form or using the search box on your website. Encrypting this data ensures that the privacy of your website visitors is protected.
The EU General Data Protection Regulation (GDPR)
Google are not the only ones pushing for better data protection and security. On 25 May 2018, next year, new EU data protection legislation comes into law. This makes it a lot clearer what data companies need to protect. If this data has been breached, you will only have 72 hours to let people know their data might have been compromised. It also reinforces people's right to demand you hand over any personal data you collect, along with their right to demand you delete it.
What do you need to do?
- Know what data your website collects.
- Delete any data you no longer need.
- Consider if you need to move your website to HTTPS and buy an SSL certificate.
- Understand how to delete any personal data if someone demands it.
- Ensure you know if your website has been hacked.
- Have a plan for how to let your customers know if the worst happens and personal data is compromised.
It has never been more important to consider how you are securing any data your website collects, and to ensure you understand your legal and ethical responsibility in the storage of that data.
In future posts I will look at some of this in more detail, but here are some resources to help you start thinking about these issues:
EU Portal for the GDPR legislation: in particular, this useful overview of the key points
http://www.eugdpr.org/key-changes.html
Google article: Next Steps Toward More Connection Security
https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
How to Move a WordPress Website from HTTP to HTTPS/SSL
https://designmodo.com/wordpress-https/