How website software updates are more important than ever with the introduction of GDPR
Whatever software and plugins you use for your website, regular updates are needed to fix bugs, increase security, enhance and add features, and generally improve performance.
If you don’t update your website software, you may have issues in areas of website performance such as page load speed and web browser compatibility, and your site will be at greatly increased risk of hacking.
How you update your site software depends on which CMS (content management system) you use. For example, the popular CMS WordPress has a built-in update notification system: notifications appear on the dashboard, and updates can be installed with a single click. Other CMS platforms, such as Drupal, are more complicated, and require specific processes and workflows.
GDPR compliance & software updates
Finally, we consider how to ensure website compliance with the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. There’s widespread panic about the GDPR and it’s important to ensure compliance as data protection breaches can incur fines of up to €20m!
Keeping your website software up to date is essential to stay compliant with GDPR. If you don’t install security updates, your website is at risk of hacking, which in some cases could result in data breaches. Under GDPR, these need to be reported to the ICO and to any website visitors or customers who may have had their information accessed by hackers.
This includes people who use contact forms on your website, users who have registered on your site, or customers who have placed an order through your store.
The ICO on GDPR & software updates
In a recent blog post, Nigel Houlden, Head of Technology Policy at the Information Commissioner’s Office, made the position of the ICO clear, stating:
Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act is serious enough to warrant a civil monetary penalty. And, under the General Data Protection Regulation taking effect from May 25 this year, there may be some circumstances where organisations could be held liable for a breach of security that relates to measures, such as patches, that should have been taken previously.
Nigel Houlden, Head of Technology Policy at ICO
Now, that speaks for itself. So make sure you install updates, and security patches, in a timely fashion. Or get professional assistance to ensure patches are installed when required.