Now here are 3 questions:
1. Did your web developer personally contact you prior to the day and explain these principles?
2. Did your web developer implement these changes prior to 25th May?
3. Did your web developer make all the necessary changes to your site to ensure you were compliant without billing you for their services?
If you answered "Yes" to all three then you're obviously a WebSpain client. As I've said in the past, not all web designers are created equal. This is just another example of how we always go further in the area of client support.
As for how GDPR will develop in the future, there are no guarantees that the stipulations, or even the interpretations, won't actually change. And at this point it remains to be seen how closely the regulations are actually going to be enforced.
No doubt there are millions of website owners out there that haven't got a clue about all this.......because their web developer never bothered to bring them up to speed about their responsibilities. You'll be able to spot them quite easily if they don't have a "specific consent" option in their forms. Potentially, organizations not in compliance could face hefty penalties of up to 20 million euros, or 4 percent of their worldwide annual turnover, whichever is higher - so this isn't something that you can leave to chance.
But there's one area where the GDPR isn't clear at the moment.....and that's HTTPS/SSL encryption on websites. The GDPR regulations specifically state that all user information received must be stored securely, and all reasonable precautions must be taken in terms of its security at point of contact and thereafter.
To me, that would imply it's necessary to have all connections encrypted rather than unsecured......despite the fact SSL security isn't directly referenced. So my personal recommendation (as I've been saying for 3 years) is to ensure that you have an encrypted connection to your site.
Google has been saying this throughout this period, and now with the introduction of GDPR the onus is on you personally to ensure that you are seen to be complying with the legal responsibilities that you now have. Also, from July onwards, Google Chrome browsers will begin to flag every website that does not use HTTPS encryption with the warning 'Not secure' prominently highlighted in the address bar. That's a business-killer if ever there was one.
Failure to secure people's data in the past was just seen to be unprofessional......now it breaks European law. There's a big difference. Seriously.......just don't take any chances on this because the stakes just got a lot higher.
We all know that over the last decade the technology that we use has advanced beyond anything we ever imagined!
But along with this increased sophistication comes increased danger. I'm talking about cyber crime!
Now before you dismiss this as another paranoid rant about something that's not relevant to you, just take a look at this......because what you see there is happening right now: Live Cyber Attack Monitoring Service.
I've seen attacks in excess of 5 million per day taking place, it's literally a battlefield......and you're in the middle of it. Every day!
What can we do to protect ourselves? Firstly you need to understand that we can never be 100% impervious to cyber attacks, because if governments and giant multinational corporations can be taken down, then what hope do we have?
But realistically the elite level operators who commit acts of that magnitude are not interested in you and me......they want the big fish! And invariably they get them......as nearly 300 million records were leaked and over $1 billion was stolen in 2015.
The lower levels of hackers would certainly be interested in us though. To some it's just a game (and there are online games going on where they score points for defacing sites)......or to some it's personally motivated. By that I mean people with a grudge, or competitors who would like nothing better than to take you out of the game.
What makes it more dangerous is that the entry level for attackers has now been lowered considerably. You don't need to have any skills or knowledge whatsoever, you just pay for access to one of these online cyber attack service portals and you simply click a few buttons. The cost is minimal for basic services, but the more you pay then potentially the more mayhem you can create. Yes.....we now live in a world where you can go online and order whatever services you want in order to commit internet crime.
All we can do is take the necessary precautions......and take security seriously! The server software is always kept current, and whatever security measures we can deploy are always in place for your protection. But that counts for very little if your site software has become end of line and has had no security updates for some time. Because someone could potentially get access without raising any alarms, and the first you'll know about it is if your site gets defaced or thousands of e-mails get sent out supposedly coming from you. Obviously the content contained in those e-mails is not going to be pleasant, and will no doubt result in your domain name getting blacklisted right across the internet.
I would strongly recommend that you don't go down this path of outdated site software.....it's not going to end well. It will result in complete disruption, loss of business, and a degree of diminished client confidence.
As far as our clients are concerned, we always make people aware if they're in that situation, as we believe in complete transparency and keeping people informed. But ultimately what they choose to do is up to them.
I would suggest you now go back and check the Live Cyber Attack Monitoring Service and see how the daily figure has risen since you started reading this article. And if you're knowingly running outdated site software, then go and check your site to make sure that you haven't become Just Another Victim!
Last September we published this article: SSL for SEO! It related to Google announcing that sites which had HTTPS/SSL encryption would be looked on more favourably in terms of search engine positioning. This represented a major step in their stated initiative of making the internet a safer place.
At that time it wasn't clear how big a ranking signal it would be, and since then no major changes were really noticed....until 10 days ago! Because since then, Google’s ranking data for HTTPS pages has increased by 9.9%......which is a huge swing. You can get the full analysis Here!
But be aware that this doesn't mean that having SSL encryption on your site is some sort of SEO magic bullet, it just means that the priority given to secure sites appears to have been increased. There are numerous other factors involved in the process of search engine ranking......with content and mobile compatibility being the main ones.
Nothing has been officially announced by Google, other than changes in algorithms were coming up. And even then, they wouldn't be drawn on exactly what those might be. But in light of the massive revision in the status of HTTPS/SSL sites over the last ten days, it appears that this is the direction they're taking.
Just to recap, HTTPS/SSL is a 2048-bit data encryption method that encrypts the connection to sites, giving a higher level of personal security. Essentially, users have a secure connection to the site to prevent the theft of personal and private information. In many cases the data may not be highly sensitive, but setting up an HTTPS connection ensures that no external party is spoofing addresses to retrieve information from users that they would not normally divulge. This activity is now becoming more common and an HTTPS connection safeguards against these attacks.
Strengthening web security benefits everybody, and by implementing this process on your site you'll be demonstrating to users, and Google, that you take this very seriously. Our position on this is that we certainly wouldn't want to be in the position whereby fingers were pointing at us as being responsible for the theft of users' data. Which is why we have always had SSL security on this site.
The difference now is there seems to be measurable search engine positioning benefits that you can gain from it as well. So it's a win-win situation for everybody.....except the cyber criminals of course!
Google has recently announced that they are starting to use HTTPS/SSL as a ranking signal within their search engine algorithm.
The official wording was: “Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search-ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”
So what is HTTPS/SSL?
It's a 2048-bit data encryption method that previously was only ever in general use on ecommerce sites to make online payments safer, and on sites that required personal information like NIE, National Insurance, or Passport numbers to be input, simply because SSL encrypts the connections to the site, giving a higher level of security. Google has been going down the path of encrypting their own sites for some time, and now they want other sites to follow suit in order to make the Web a safer place to use.
Obviously anything that strengthens web security, online safety, and the secure transmission of personal data is a benefit to everybody. In addition, it definitely enhances a potential client's perception of you being a legitimate and professional business.....that's the reason we use SSL encryption on this site.
Having better site security and demonstrating professionalism is advantageous on many levels. But now that Google has announced this new initiative of favouring sites that demonstrate security measures are in place, people have been given an incentive to put these processes into place.
But one important point here is that just because you have an SSL certificate in place does not mean your rankings on Google will suddenly increase to top positioning. The reality is that if your site is technically poor with low-quality, plagiarised content then you'll be going nowhere! Because achieving high rankings on search engines is a combination of many different factors, and this announcement just means that HTTPS/SSL has now been added to the list of website criteria that will be evaluated.