How do I know if my website is GDPR compliant?
Server communication must be encrypted
Communication with servers inside Europe, and between Europe and the rest of the world, must be encrypted: GDPR Article 32 names encryption as an appropriate technical measure, and transmitting personal data in plain text is no longer acceptable. Several encryption algorithms and protocol versions are available, and selecting the right ones is decisive. Choose algorithms that every server worldwide can use; otherwise it is like two people each speaking only their own native language. GDPR itself does not prescribe algorithms, so a recognised baseline is needed, and the international standard PCI DSS (Payment Card Industry Data Security Standard) is well suited for this purpose. PCI DSS is written for organisations that handle branded credit cards from the major card schemes, and its cryptographic requirements (no SSL or early TLS, only strong cryptography) are a comparatively modest baseline. Following the PCI DSS choice of algorithms ensures that servers can communicate with each other worldwide.
In addition to PCI DSS, there are standards such as HIPAA and NIST, which Jaispirit’s hosting also supports:
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.
NIST (National Institute of Standards and Technology) is a metrology laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness; for server encryption it publishes the TLS guidelines (SP 800-52) and approved-algorithm lists that a "NIST" rating refers to.
To find out whether the server in use communicates encrypted and at least meets the PCI DSS baseline, we recommend the free SSL Security Test from ImmuniWeb: https://www.immuniweb.com/ssl/ The report also shows whether the server meets the HIPAA and NIST encryption requirements.
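The online test above tells you the result, but not what it is checking. The following is an added example (not code from this page, from Jaispirit or from ImmuniWeb) that applies the same kind of baseline locally: it flags SSL and early TLS (which PCI DSS forbids), requires TLS 1.2 or 1.3 as NIST SP 800-52r2 does, rejects cipher suites that are known to be weak, and builds a hardened client context with Python's standard `ssl` module. The scan result `SAMPLE_SCAN`, its host name and the helper names are constructed for illustration; the weak-cipher markers are a heuristic over OpenSSL suite names, not an official list.

```python
"""Offline audit of a server's TLS protocol versions and cipher suites.

The baseline encoded here summarises the text above: PCI DSS forbids SSL and
early TLS, NIST SP 800-52r2 requires TLS 1.2 as the minimum, and cipher
suites such as RC4, 3DES, NULL, EXPORT and anonymous key exchange are weak.
The scan data and host name below are constructed sample input, not real
scanner output.
"""
import ssl

# PCI DSS "SSL / early TLS": must not be offered at all.
FORBIDDEN_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}
# Deprecated by RFC 8996 and below the NIST SP 800-52r2 minimum of TLS 1.2.
DEPRECATED_PROTOCOLS = {"TLSv1.1"}
# Substrings of OpenSSL suite names that indicate a weak suite (heuristic).
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON", "ADH", "AECDH")

# Constructed scan result in the shape a scanner might return (hypothetical host).
SAMPLE_SCAN = {
    "host": "shop.example",
    "protocols": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"],
    "ciphers": [
        "TLS_AES_256_GCM_SHA384",        # TLS 1.3 suite, always forward secret
        "ECDHE-RSA-AES128-GCM-SHA256",   # good
        "AES128-SHA",                    # RSA key exchange: no forward secrecy
        "DES-CBC3-SHA",                  # 3DES: weak (block size 64 bits)
        "ECDHE-RSA-RC4-SHA",             # RC4: broken
    ],
}


def audit(scan):
    """Return {'pass': bool, 'fail': [...], 'warn': [...]} for one scan result.

    'fail' entries break the PCI DSS / NIST baseline; 'warn' entries are
    allowed but should be cleaned up.
    """
    fail, warn = [], []
    for proto in scan["protocols"]:
        if proto in FORBIDDEN_PROTOCOLS:
            fail.append(f"{proto} enabled (SSL/early TLS, fails PCI DSS)")
        elif proto in DEPRECATED_PROTOCOLS:
            warn.append(f"{proto} enabled (deprecated by RFC 8996)")
    if not any(p in ("TLSv1.2", "TLSv1.3") for p in scan["protocols"]):
        fail.append("neither TLS 1.2 nor TLS 1.3 offered (NIST SP 800-52r2 minimum)")
    for suite in scan["ciphers"]:
        name = suite.upper()
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            fail.append(f"weak cipher suite {suite}")
        # TLS_* (1.3) suites and ECDHE/DHE suites use ephemeral key exchange.
        elif not (name.startswith("TLS_") or "ECDHE" in name or name.startswith("DHE")):
            warn.append(f"{suite} provides no forward secrecy")
    return {"pass": not fail, "fail": fail, "warn": warn}


def hardened_client_context():
    """Client-side SSLContext that only negotiates what the audit accepts."""
    ctx = ssl.create_default_context()          # certificate verification on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Forward-secret AEAD suites only; exclude anonymous, NULL, MD5, RC4, 3DES.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def context_as_scan(ctx):
    """Describe an SSLContext in the scan format so audit() can check it."""
    protocols = ["TLSv1.2", "TLSv1.3"] if ctx.minimum_version >= ssl.TLSVersion.TLSv1_2 \
        else ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
    return {"host": "local-context", "protocols": protocols,
            "ciphers": [c["name"] for c in ctx.get_ciphers()]}


if __name__ == "__main__":
    result = audit(SAMPLE_SCAN)
    print(f"{SAMPLE_SCAN['host']}: {'PASS' if result['pass'] else 'FAIL'}")
    for line in result["fail"]:
        print("  FAIL", line)
    for line in result["warn"]:
        print("  WARN", line)
    print("hardened client context passes:", audit(context_as_scan(hardened_client_context()))["pass"])
```

Run it against the constructed sample and the server fails on TLS 1.0, 3DES and RC4 while TLS 1.1 and the RSA-only suite appear as warnings; the hardened context passes, which is the state an ImmuniWeb "PCI DSS compliant" result corresponds to.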
The more of these standards a server meets, the more widely it can communicate securely.