From time to time, we all run into blogging questions about whether we need to make critical changes to our site for security or page ranking.
Who do you turn to when you have blogging questions?
In some cases, you could ask five people the same question and get five very different answers.
That’s what seems to be happening now in terms of two issues: SSL Certificates for bloggers and the coming enforcement of the European Union’s GDPR.
The first question I’m still working to get a clear answer to is whether bloggers actually need an SSL Certificate.
SSL stands for “secure socket layer” and is a protocol that makes websites secure. A website whose URL begins https:// is considered secure by web browsers. A website with http:// — no S — is not considered secure.
It has become a big deal over the past year because more and more web browsers are becoming more and more dramatic about displaying information about the security (or insecurity) of websites. Some now have red “Not secure” text or color-coded padlocks that are designed to warn people whether they are on a secure connection.
The idea behind this is to make sure that people are able to quickly verify a site’s security before submitting sensitive information.
Sites that involve E-commerce, like banks and online stores, unquestionably need that SSL. You don’t want so submit account information or other personal data to a site that doesn’t have an https:// website.
But what about blogs like this one that don’t sell anything?
Some say this type of site doesn’t need an SSL at all.
Others say Google could limit page rank in search listings for sites without SSL.
At least one claimed to me that Google has already stopped showing results for non-SSL sites. (This, as far as I can tell, is patently false.)
One potential drawback to an SSL is that it can slightly slow the page load speed of your site. Google has said that page-load speed is also a ranking factor.
So if a blogger buys an SSL Certificate to improve search rankings for security, could he be hurting those rankings because of speed?
If you’re a blogger, I certainly hope you’ve heard those initials. They’ve suddenly become as talked about as SEO.
The reason for the recent urgency is that this European Union law is taking effect in late May. GDPR stands for General Data Protection Regulation and it requires site owners to make clear what personal data is being collected and get implicit permission to collect it.
It’s not enough, apparently, to post notices that say something to the effect, “By using this site, you agree….” Now, you have to actually get people’s permission to collect it, and there’s some understanding that site owners must actually keep record of having obtained that permission.
You may well ask why you’d need to be concerned with a law in the European Union. The answer is that it affects every site, no matter where it is, that happens to collect information about EU citizens. So that means if an EU citizen visits your site, even if it’s not maintained inside the EU, you’re subject to the law.
That means you’re subject to a sizeable fine if you don’t follow the law.
Would they really come after small sites? Wouldn’t they focus on big names like Amazon or Yahoo instead? Probably, but do you really want to take that chance?
Your best bet is to make sure your site is compliant.
The trouble with this is that most of the major services bloggers use — such as Google Analytics — that do collect some level of data don’t yet have clear answers for bloggers about what they should do.
The general message from these services about GDPR compliance at the moment is, “We’re working on it.”
Some questions are easier to get answered than others. I’m the type who likes to have all the answers upfront. For those who don’t have those answers, I try to be a resource here to help explain things.
On these two issues, there doesn’t seem to be any “easy” answers to explain. It feels like there’s so much confusion (and in some cases, perhaps even misinformation) that we’re left to figure it out on our own, and in the case of the GDPR, to do so as a clock is ticking.
Do bloggers really need an SSL Certificate?
How do bloggers need to prepare for the GDPR enforcement?
As I get more answers, I’ll add new posts and we’ll discuss them.
I just wish more were available right now.