Specifically, the supervisory authority had found the absence of the HTTPS protocol.
Table of Contents:
HTTPS: What is it?
The sanction of the Privacy Guarantor
SSL Certificate Types: Choosing the Right One
Domain Validation (DV)
Organization Validation (OV)
Extended Validation (EV)
HTTPS: What is it?
Hypertext Transfer Protocol Secure is the secure version of HTTP, which is the primary protocol used to transmit information from client to server.
The presence of HTTPS , in essence , certifies the website using the encryption protocol (SSL/TLS) suitable for protecting communications .
When information travels via HTTP, it is split into data packets that can be easily intercepted by third parties ( Man in the Middle ) because it is sent in clear text, without encryption; with the secure protocol, the traffic is encrypted in such a way as to hide the information.
Browsers themselves also warn users that they are visiting a website without HTTPS, and they do so by displaying the word “not secure” in the address bar.
The sanction of the Privacy Guarantor
It all started with a complaint to the Guarantor by a user, who reported the absence of an encryption system on a company website. In this case, the lack of an SSL certificate was iraq telegram phone number list in an area of the website where sensitive data such as authentication credentials, telephone contacts, tax codes, VAT numbers, personal and billing data were transmitted.
The user forwarded two reports via certified email to the water service provider that owns the domain and, given the lack of response, decided to contact the Privacy Guarantor. Following receipt of the complaint, the authority noted the failure to comply with the obligations set out in the privacy regulation regarding integrity and confidentiality in data processing , according to which the owner must implement technical and organizational measures suitable for guaranteeing a level of security appropriate to the risk (such as encryption of personal data and protection from the design stage of the website).
The company in question was fined €15,000 for failing to adequately protect the data of customers registered on the reserved area of its website. The fine was imposed considering the volume of data processed, the number of users and the company's collaborative approach.
SSL Certificate Types: Choosing the Right One
To enable HTTPS on your website, you need to get an SSL from a certificate authority. There are several types of SSL certificates on the market, which we will look at in detail below.
Domain Validation (DV)
This type of SSL certifies the domain on which it is activated. So, enable the HTTPS protocol and apply the padlock icon in the address bar.
DV SSL certificates are the most basic and require a single verification step by the domain owner. To complete the validation, the latter must prove that he or she is actually the owner of the domain and, to do so, one of the most common methods is verification via emails that are usually managed by the website administrator (webmaster@, postmaster@).
Shellrent's offer, thanks to the partnership with the Certificate Authority Sectigo , provides two DV SSL certificates, the PositiveSSL and the SectigoSSL, which vary according to the level of guarantee.
