SSL Certificates & GDPR
From 25th May 2018 your business needs to be GDPR compliant. Failure to comply with GDPR could lead to fines of up €20 million or 4% of the company’s total global revenue.
Until now it has not been necessary to have a Secure Socket Layer (SSL) Certificate allocated to your domain to show that your website is safe and secure.
If it doesn’t already, your website MUST have an SSL Certificate to show it is safe and secure as part of the steps you need to take to ensure your website is GDPR compliant.
As a result of GDPR, it is also safe to assume that all leading search engines algorithms are being updated to rank sites that are not SSL encrypted below sites that are SSL encrypted, as well as displaying warning message to users completing forms or supplying personal data.
What does an SSL Certificate do and why do you need one?
An SSL Certificate is used to establish a secure, encrypted connection between your domain and a user’s browser, preventing unauthorised parties from accessing or interfering with your data.
Instead of starting with HTTP (HyperText Transfer Protocol), your website address will start with HTTPS (HyperText Transfer Protocol Secure). Using HTTPS, the computers agree on a “code” between them, and then they scramble the messages using that “code” so that no one in between can read them. This keeps your information safer from hackers or other unauthorized users.
This is particularly important when entering personal information from people completing online forms, entering passwords or providing credit card details in online forms. Sites secured by an SSL Certificate show a green padlock or “Secure” message next to the URL in Google Chrome (and other browsers), which reassures users that the site is fully secured and that they are safe to access the site or to enter their personal details.
In simple terms, if your domain has an SSL Certificate and starts with HTTPS, it shows that it is safe and secure and builds customer confidence. If it doesn’t, you’ll not only be risking GDPR compliance, you’ll get fewer people visiting your website as your site will be ranked lower in Google, and visitors/customers will be put off accessing a website that displays a warning message. You’ll also probably start to get messages from people seeking reassurance that it is safe to access your website.
How to get your SSL Certificate
We have three low cost, easy to implement options that will get your website SSL encrypted within 48 hours:
1) Universal Shared SSL (SUITABLE FOR VERY SMALL OPERATIONS)
This option means your SSL certificate is shared with other businesses. This is aimed at personal websites, or very small businesses. There is an annual payment of £35 plus VAT for your shared SSL Certificate.
2) Dedicated SSL Certificate (THIS IS WHAT MOST CUSTOMERS NEED!)
This option means you have your own dedicated SSL Certificate protecting your main website address (ie www.yourdomain.com and *yourdomain.com). This is what the majority of businesses need. There is an annual payment of 95 plus VAT for your dedicated SSL Certificate.
3) Dedicated SSL Certificate with Custom Hostnames (VERY FEW NEED THIS)
This option means you have your own dedicated SSL Certificate protecting your main website address (ie www.yourdomain.com and *yourdomain.com) and up to 50 more hostnames or wildcards of your choosing. This is for larger businesses who have different sub domains attached to their website. There is an annual payment of £170 plus VAT for your SSL Certificate.
Regardless of which SSL Certificate you require, there is also a one-off payment of £150 plus VAT to set it up, make the necessary amends to your domain and DNS settings, and to ensure all other steps to make your website GDPR compliant are actioned.
What do you need to do?
Simply confirm which option you require (normally Option 2 Dedicated SSL Certificate) – or contact us if you require more information about this or the other two options.
If we are responsible for renewing and managing your domain, you don’t need to do anything else. If you renew and manage your own domain’s DNS (ie at GODADDY, Network Solutions etc), you will need to login to your account and amend your nameservers. We will send you instructions when we set your SSL Certificate up. Alternatively you can supply your login details and will make the necessary changes for you.
What happens next?
We’ll send you an invoice for payment by return and will set up your SSL certificate within 48 hours.
What are the benefits of moving to HTTPS?
- Browsers will no longer display Not Secure warnings when viewing your site.
- Client information will be even more secure than it is now.
- Google uses HTTPS as a positive website signal.
- Potential improvements to overall Search Engine Optimization (SEO).
- Clients are more comfortable sharing information when visiting secure sites.