Ok, another somewhat worried email from me, I’m afraid.
After reassuring me on both counts (that my emails are only stored in Office 365 and that I had successfully selected the option to not have Form responses stored on their servers but emailed directly to me), they said that I was, however, not GDPR compliant.
Pardon?!? … was my slightly shocked response.
They directed me to this site:
Apparently, after GDPR, any site that has a contact form and does not have an SSL certificate (which I thought I had but it transpires it did not come automatically with the package I chose so I actually only have domain privacy) is not compliant.
Is having an SSL a requirement to get accreditation? I have wanted to switch hosting company for a while but my contract with 123-Reg does not end until October, so I don’t really want to get an SSL certificate from them (not least as the host I am moving to does provide this as standard).
Any advice welcome.
PS: Sorry if I should have put this under the “legal issues” category instead … was not sure what was the best place for it to go.