A free security scan will tell you if your online store is safe.
Magento released its latest security patch on 27 February.
If you run your eCommerce business on Magento 1.x it’s vitally important to make sure your website is up to date with the latest security patches.
This essential maintenance work will keep your online store secure from hackers and safe for customers to spend their money with.
Leaving customer data exposed and vulnerable to hackers and criminals is not only bad for business in terms of trust, reputation and lost transactions; you could also be liable to hefty fines from the Information Commissioner under the Data Protection Act (DPA).
With the introduction of the even more stringent General Data Protection Regulation (GDPR) looming in May 2018, you simply cannot afford not to check on a regular basis that your website and customer data are secure.
Get a free security scan
A free security scan will tell us how up to date your patches are.
It will also flag other potential vulnerabilities, software updates and hosting issues. For example:
Take action on your websites and data management now.
Hang on, what is GDPR anyway?
The GDPR – General Data Protection Regulation – comes into force in the UK on 25th May 2018.
This new EU regulation replaces the Data Protection Act (DPA) 1998.
The GDPR has similarities with the DPA as well as new and additional requirements for the handling and processing of personal data. Anyone with day-to-day responsibility for data protection needs to be aware of it.
Failure to comply with the GDPR carries with it some serious fines so now is the time to start preparing for its introduction.
Everything you need to know can be found on the Information Commissioner’s website. We’ve pulled out some key points to get you thinking about what your business will need to do about its digital properties.
Have you got explicit consent from your subscribers?
Can you prove that everyone on your mailing lists – whether customers, prospects, fans or followers – has given explicit consent to be on those lists and marketed to?
Businesses must be able to prove subscribers have positively opted in to being marketed to. If they filled in a form with a pre-ticked box, or simply failed to respond to a call to action (e.g. "if we don't hear from you we'll assume …"), that's not good enough.
Implied consent isn’t good enough for the GDPR.
Are your subscribers humans?
If your sign-up or opt-in box or page doesn't have a reCAPTCHA form or a confirm-your-subscription-by-email step, you might be marketing to robots or unwittingly spamming people. This is not good.
What about those cookies?
You’ll need to get a handle on exactly what data your website or app is collecting from users.
The GDPR requires you to understand the fair and lawful basis on which you acquire that data and, again, you'll need explicit consent to do so.
Make sure you've got a clear message about cookies that your users can proactively opt in to.
Businesses must be clear about why and how they are handling people's personal data, and how they ensure it is adequate (not excessive), accurate and kept up to date.
They must also be explicit about how long they keep personal data and what the removal, archiving or deletion process is.
The GDPR reinforces the rights enshrined in the DPA for individuals to request access to the data an organisation holds on them. Individuals also have the right to rectify inaccurate information and have it erased in certain circumstances.
Have you got procedures in place to allow for deleting personal data wherever it may be stored in your business? You’ll also need a protocol for providing personal data to users who request it.
Don’t forget to update it on your website or app too.
What about your digital partners with software integrations on your website?
It’s time to review which third parties have integrations on your website or app. Are they taking steps to be compliant with GDPR? Have you got proper agreements or contracts in place with them about handling personal data?