Our top 5 tips to ensure your website is GDPR friendly and secure!
You may not think there is anything on importance on your website, but you need to remember that your website visitors are interacting with your website and can be disclosing personal information which you need to keep secure. Here are our top 5 tips;
- SSL Certificates: an SSL Certificate is required for websites where personal data is passed from the user to the website, i.e. name, email, telephone number, username, password, credit card numbers and other sensitive information. An SSL Certificate encrypts this data meaning that it cannot be intercepted by other computers that may intend to steal the data. To check if your website has an SSL Certificate, simply look at the URL of the website, if it begins with “https” instead of “http” and if you can see the padlock symbol it means the site is secure.
- CAPTCHA: a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of ‘challenge & response test’ used in computing to determine whether the user is human. Most commonly the user is asked to decipher some scrambled letters or highlight squares within a picture. CAPTCHA’s are used to prevent spammers and hackers getting into your website and stealing/abusing the data stored.
- Communication Preferences Check Box: if your website collects email addresses for the purposes of marketing, in accordance with the latest GDPR requirements, you must have an ‘opt-in’ method, opposed to an ‘opt-out’ method. Make sure that the emails addresses are stored securely and that individuals can unsubscribe from your service at any time.
- Why you collect their data
- How you will use their personal data
- Who you will disclose their data with
- How you will keep their data safe
- How long you will retain their data
- What are their rights over the data
- How to make a complaint
To request a website penetration test to verify the current security of your website, please visit our Information Security page or contact us today.