Which came first, the chicken or the egg?


Here, we are not talking about Molecules, Atoms even more Elements but about your Information Technology legacy and future and how it will affect your company’s Data Protection Policy as a whole.

Once upon a time, a Certificate was required for websites for accepting Credit Cards and for financial operations.

Today, your website may not be secure, and later this year, Google will begin to put up a giant red flag that most of your page visitors will see.

Needless to say, this warning will spook many of your [customers/clients/buyers] and they will simply leave your site.

The way to fix this is to add what’s known as a SSL Certificate, which tells the visitor that your site belongs to your business, and also encrypts the data they input (such as their name, email, password, and payment info.)

We have various solutions for you. The most efficient and straight forward is via:


There is a video that explains more in detail about SSL. However, we will need your Control Panel details to be able to install the SSL certificate and check eventual issues and solve them accordingly.

Otherwise, by Spring 2018, many of your site visitors will likely take their businesses elsewhere, and your site traffic will see a significant reduction.

This will cause you to lose leads, rank in listings, and ultimately – money, so please reach out to me as soon as possible.

Needless to say that our team has the knowledge, experience and the ability to troubleshoot systems, coding etc. and we have been in the Internet Business since 1996.

Now that we control the behavior of HTTPS for your sites, let’s get into GDPR (General Data Protection Regulation) which is the next problem to be taken care of by 28th May, 2018.

-1247Days 00Hours -58Minutes -13Seconds

The EU GDPR will increase privacy for individuals and give regulatory authorities greater powers to take action against businesses that breach the new laws.

Note: The regulation also applies to non-EU companies that process personal data of individuals in the EU.

Some “agencies” are presenting GDPR as a burden to Companies *and* also the penalties that the EU have announced. (Fines of up to 4% on annual turnover or €20 M, whichever is the greater.) GDPR will force organizations to take more care over the data they store. We are going to explain what GDPR is in a few steps:

1. Data Protection by Design and by Default
In addition to the regulations surrounding public notification, Article 25 of GDPR mandates that data protection be implemented ‘by design and by default.’ As a result, it is imperative that organizations ensure software applications are secure throughout their lifecycle, with data protection measures designed in from the very beginning.

  1. Appoint a Data Protection Officer (DPO)Article 37(1) of the GDPR states that a DPO must be appointed if:
  • the relevant data processing activity is carried out by a public authority or body;
  • the core activities of the relevant business involve regular and systematic monitoring of individuals, on a large scale; or
  • the core activities of the relevant business involve processing of sensitive personal data, or data relating to criminal convictions and offences, on a large scale

3. Track sensitive data and report any breaches
Organizations that control personal data are required to report personal data breaches that pose a risk to the rights and freedoms of individuals to their supervisory authorities without undue delay, and, where feasible, no later than 72 hours once they become aware of the breach.

  1. Extended individual rightsThe GDPR provides the following rights for individuals:
  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

5. Cross-border data transfers
The position under the General Data Protection Regulation “GDPR” relating to international transfers of personal data is similar to the existing regime under the Data Protection Directive (the “Directive”). However, there are a number of important differences that are likely to have key practical implications.


  1. Understand international guidelinesIf your organization operates in more than one EU Member State, determine your lead data protection supervisory authority. Not sure where to start? In December 2016, the Article 29 Working Party (“WP29”) published its Guidelines for Identifying a Lead Supervisory

Authority to help organizations with this determination.

  1. Check your systems for minorsMinors age must be checked and legal consent obtained if and where necessary.
  2. Ditto for general Data processingDid you get explicit authorization from your users? Define a Privacy Policy and get your users to tick a box and acknowledge that they agree to it.

As you can see, this is obviously not as exhaustive as you might imagine. We have been very thrifty on the information because the EU issued the full blown works here:


Law: General data protection regulation – (EU) 2016/679

Directive (EU) 2016/680 on the protection of natural persons regarding processing of personal data connected with criminal offences or the execution of criminal penalties, and on the free movement of such data

What do Certified Internet Solutions Group do in all this?

  1. Secure your website in order to comply with SSL/Data collection (first part of this article)
  2. Conduct an audit of your IT and through our partnership with Law Firms in your country advise you on how to effectively get to terms with the EU


of 27 April 2016

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).