- Independent Schools (United Kingdom)
- MATs (United Kingdom)
"Should my website be moved to HTTPS due to GDPR?" This was the single most asked question in our support desk over the last 2 months, so our support team have put their heads together to try and help you answer it.
What is HTTPS?
When your website communicates with a users browser this can be done in two ways. The more traditional way is over HTTP which is not encrypted and therefore can be potentially intercepted and viewed by a third party. Or over HTTPS which is encrypted and therefore considered secure. Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connect is in effect.
Why should my school website move to HTTPS?
Whilst there is nothing specifically in the new GDPR laws specifying that your website must be delivered over HTTPS the laws do reference the need to protect the personal data that you are collecting. Previously, only online payments were deemed necessary for encryption (as this passes credit card information). Many schools collect a huge amount of data via various different forms on their website and many believe that in order to be compliant encrypting this data is a necessity.
Are there other reasons other than GDPR?
Well yes, there are several other reasons that you need to also consider beyond simply the GDPR laws:
- Browsers such as Chrome are treating websites not delivered over HTTPS as 'suspicious; and as such are displaying a page prior to the website loading that tells the user that the website is not secure and as such do they still want to visit the site. Inevitably this will discourage some users from clicking through.
- Google has made a number of references to prioritising secure websites over those that are not – ranking those that are higher in the search engines – which again impacts search results. This was confirmed at the back end of last year in it's mobile search which also labels websites as being non secure which may again negatively impact users desire to click through.
Why does running a HTTPS website cost extra?
Currently we charge schools an additional amount annually for their website being delivered over HTTPS. This is because of the following:
We need to move the website to our HTTPS servers which takes us a couple of days. This is a new infrastructure which needs testing and takes time to implement
Your website is protected by a DDOS prevention service. This is a third party provider that proactively blocks suspicious traffic or attempts to penetrate the website – it is hugely valuable in making sure your website is protected. They charge us extra to process HTTPS traffic
Your website also benefits from a CDN – this is another third party service that serves the website locally wherever someone accesses the website in the World – which makes sure load times are always super quick. Again, this provider charges extra to process HTTPS traffic
Both of these services are charged at cost to our customers.
For more information about services and cost please email supportUK@finalsite.com
ABOUT THE AUTHOR
Olivia works with schools worldwide to develop and implement social media strategies. She began her career in television and has worked with production companies including the BBC, Disney and Southern Star Australia. Transferring her skills to the corporate world, she has worked as a leadership skills coach and trained teams from blue chip companies including Coca Cola, AMP and IBM. Prior to her current role as Social Media Specialist at FinalsiteUK, Olivia was Deputy Editor for Families Magazine. Holding a Bachelor of Dramatic Art and a Diploma of Digital Marketing (CIM), her blend of experience gives her a unique understanding of audiences, branding, and storytelling. Olivia has 14+ years of experience working in corporate coaching, publishing and digital marketing.
- Security and Data Protection