The entry into force of Regulation 2016/679, hereafter the GDPR, on May 25th will require a review of online sales websites and their payment procedures.
Website operators are obliged to prevent or minimise any data loss, any unauthorised access to data, and any alteration or sharing of data. Of course, it is impossible to guarantee absolute security to users of online stores. However, website operators need to take all reasonable measures available to them, organisational or technological, to secure their sites, in particular the online payments made through them.
To this end the CNIL, the French Data Protection Agency, recommends the use of SSL/TLS certificates.
The TLS protocol, the successor to SSL, aims to secure internet connections and protect sensitive data transmitted between two systems. These two systems can be, as is the case here, a sales website and a customer or user. During the exchange, TLS encrypts network data, which prevents the information transferred from being read or modified, and the certificate authenticates the identity of its holder.
When a website is protected by an SSL/TLS certificate, the prefix “https”, which stands for “Hypertext Transfer Protocol Secure”, appears at the beginning of the URL (web address). The internet user can then be assured that the owner of the website has taken measures to protect any data transferred, and the prefix confirms that the website is secure. This notice is usually given by an icon showing a green padlock.
While the use of SSL/TLS certificates is currently only recommended by the CNIL, it is important to note that Google has favoured secured sites since 2014, giving them improved web rankings.
Beyond the better rankings that secured sites obtain over their competitors, Google Chrome plans to sanction unprotected websites by showing the notice “Not Secure” in the address bar of those sites starting in July. Notice to all operators!