Wednesday 3 April 2019

Do you need an SSL Certificate to be GDPR Compliant?

GDPR (General Data Protection Regulation) legislation came into effect on the 25th May 2018 and applies to all businesses that work with or sell to European businesses. The 99 Articles are very long and cover a huge variety of topics, but in this post we'll answer one question: do you need an SSL Certificate to be GDPR Compliant?

The GDPR regulations do not contain any specific rules relating to SSL certificates, but the regulations can only be met correctly with the use of an SSL certificate. Read below for more information.

Article 32 (Security) of the regulation begins this way:

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
  1. the pseudonymisation and encryption of personal data;

  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

This means that regulated information must be protected with "appropriate technical and organisational measures," including the encryption of personal data and the ability to ensure the ongoing confidentiality of systems and services. SSL certificates are hugely popular and have been the go-to product for encrypting data and keeping customers' information confidential.

What data needs protecting?

The regulation covers nearly any personal data, including PII (personally identifiable information), PHI (personal health information), web usage information, and a set of personal characteristics such as race, sexual orientation, and political opinion.

The good news for you is that, from an SSL perspective, GDPR aligns with well-understood best practices anyway. If you make your website secure so all your pages load with HTTPS, using certificates to authenticate and encrypt communications between internal systems, you're meeting the GDPR requirements for that component of data protection.

Can I get away with it?

We do not recommend this action! Protecting your users' information should be a paramount priority. Your users will thank you, and you may even be rewarded by search engines. Having an SSL certificate not only protects your customers, it also protects your own business and provides confidence in your website, products and services.

How can I get an SSL Certificate on my website?

Give Media City Way a call (0161 669 4633) or email us. We'll discuss your options with you and, once you're happy, we'll install the certificate ourselves and make sure your website is safe and secure.
