GDPR and Securing Your Dental Practice Website

What is website encryption and why you need it

Encryption for your websiteWithout going into deep technical discussion, website encryption is simply a mechanism whereby any communication from the device on which you are viewing a website and the server where the website is hosted, is encrypted.

This means that any information exchange either way is impossible to read should it be intercepted on route. Even though interception of such data is unlikely, it is possible and consequently it makes sense to protect against this in the event that it did happen.

The encryption is handled via software which is already installed in your browser and software, known as a “secure certificate”, which has to be installed on the server side to complete the encrypted loop. This certificate, often called an ‘SSL certficate’, typically has to be renewed periodically and requires intervention to keep up-to-date. However, once the system is installed and tested, then you can be sure that you website communications are protected.

Why do I need to encrypt my dental website now?

For years, certain types of website needed encryption by default, e.g. banking sites and others where sensitive data was being exchanged. So for example a dentist who was taking referrals and receiving confidential patient information via a website contact form, would have been wise to use encryption. Other websites, e.g. where simple appointment booking was taking place without transmission of sensitive information, would typically have managed without encryption.

More recently, there has been a shift towards all website becoming encrypted, irrespective of their function and this has been driven by two main factors. Firstly, with the advent of the somewhat “fuzzy” GDPR regulations which become law in the UK in May 2018, there is a requirement to protect any information which could be considered to be sensitive and personally identifiable. So even simple contact forms should be protected in case something sensitive was transmitted. A simple disclaimer does not appear to suffice any longer.

Secondly, Google is pushing full encryption for all websites and has publicly stated that it will offer some ranking benefits when it comes to search engine results.

So with these two important elements in mind, the time has come to switch your website to full encryption – showing the padlock symbol and https rather than http.

There are other considerations too, perhaps the main one being public confidence. With the buzz around encryption increasing, website users will expect to see encryption in place and will shy away from websites where their browsers show “insecure” warning messages. This is now very common and quite disconcerting for an average user when the warning pops up.

What SSL website encryption doesn’t do

Unfortunately there are a number of web companies, including well-known UK dental marketing agencies, who are using the new legislation and recommendations to try to scare website owners into moving their websites on to their service contracts. They mention things like ‘imminent hacking’ and fines for non-compliance which really doesn’t help. Website encryption is unlikely to stop your website being hacked if the server is inherently insecure and although you can be fined for failing to comply with GDPR, that sort of penalty will likely only be handed out to the few. Much better is to recognise the implications and work to pragmatic, cost-effective solutions rather than jump to a supplier who deliberately scared you.

With this in mind, we are currently helping hundreds of dentists manage the transition to website GDPR compliance, including encryption, in time for May’s new legislation. Indeed we are planning the transition to https for our business websites too, including this one. Unfortunately, there is no getting away from the need to complete this task and it’s time to “bite the bullet”.

Other important considerations

Unfortunately it’s not just as simple to flick a switch and instantly your website is encrypted. As mentioned above, a secure certificate has to be installed on the website and tested. From an SEO perspective, all of your website page addresses need to be re-directed from the old http version to the new https version to help preserve your Google rankings and also ensure that any link which is clicked in third-party websites, still ends up at the correct page on your site. So there are several hours of work required to get this completed and tested successfully.

Next steps for your dental practice website

As discussed above, the time has finally come to ensure that your website is running under full encryption. Pressure from Google and new GDPR legislation unfortunately means that you cannot really put it off for much longer without negative effects. We are currently liaising with all existing clients to manage the transition, but if you are not currently with us and would like to take advantage of our robust, cost-effective and compliant solutions, then we’ll be pleased to assist. Simply call the Dental Media digital marketing team on 01332 672548 for friendly advice.