Website health check - Part one

Whether it's navigating GDPR reforms to data protection, or combating the threat of cyber crime, for many business owners the perceived admin behind maintaining a web presence can seem disproportionate to its return on investment. However, a secure and effectively managed website is essential in today's marketplace and with a few simple checks, you can ensure yours is a honed sales tool in the time it takes to drink a cup of coffee.

Like any marketing tool, the first step is to make sure your operation is watertight from a regulatory point of view. In the first of a three part series, we focus on the ground work required to ensuring your website is GDPR compliant.

Does your website have an SSL certificate?

An SSL certificate provides an encrypted internet connection for greater data security and privacy, and is now effectively a requirement for GDPR compliance. In simple terms, it powers the padlock symbol in your web browser's address bar when you visit a secure website. The "certificate" itself isn't a physical document, it's actually a set of computer files that your web designer or web host (the company or person responsible for giving your website a place to "live" on the internet - usually either your web designer or IT company) need to add to your website. The world's most popular web browser Google Chrome now flags all websites without an SSL certificate as insecure, putting off potential customers and seriously impacting traffic to your site. So, if your website doesn't have a padlock, this should be first on your list.

Use our free online tutorial to check if you have an SSL certificate.

Do you have a Data Processing Agreement (DPA) with your web host?

GDPR Article 28.3 states that:

"Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller...".

This means that a written contract is required when you employ a data processor (i.e. your web host) to process data from your website. It should cover the rights and obligations of both parties including the procedure to be followed in the event of a data breach - for instance, if your website is hacked.A GDPR-compliant web host should offer a pre-formatted DPA for you to sign, ensuring you're both covered.

Where in the world is your website hosted?

This may seem like a strange question as it's easy to assume that if your web host is based in the UK, your website is too. However, some budget web hosting companies will host your website on servers on the other side of the globe. GDPR requires that personal data should not be transmitted outside the EU to ensure consistent legislation and protection, so this is a big no-no for compliance. While Stack offers UK-based hosting as standard, it is worth noting that some US companies have special dispensation after agreeing to operate in line with EU law, under something called the Privacy Shield. Either way, with increased scrutiny over data processing practices, it's worth making sure you're covered, so check with your web designer or host.

If you would like further advice on any of the topics above, please feel free to get in touch.

Share this guide

About the author

Phil Peters

Phil Peters

Phil is responsible for the design and architecture of our digital services here at Stack and will be your primary point of contact when you get in touch with us. With 18 years of marketing and technical experience in financial services including insurance, share registry and salary sacrifice schemes, Phil delivers proven, high performance solutions for your digital requirements.