Secure and Compliant


Every page of your Practice Website with us is https-secured. This means communication between the patient’s web browser and the server hosting the website is encrypted and cannot be intercepted en route. It also means a padlock icon is visible in the browser address bar at all times, on every page, which reassures patients that they are on a secure site.

This is the only way that your patients can be certain the content they see on your website has not been intercepted and changed.

check the site is secure
question and answer

does it matter if pages that don't contain forms are HTTPS encrypted?

Yes, it most certainly does!

If someone can intercept and change the content on your unencrypted web pages, they can change links contained on those pages. Imagine if your patients followed links on your site that appeared to take them to your online secure form provider's website (Patient Access, VisionOnline, SystmOnline etc) but in fact took them to a different site made to look the same, with the purpose of stealing their log-in data.

"Without HTTPS, eavesdroppers can not only access the data flowing over the internet, seeing everything we do on a site, but can also intercept it and manipulate it."

Data Security & GDPR

Your Practice Website needs to comply with the General Data Protection Regulations (GDPR), introduced in May 2018.

Our system gives you full control over information sent to you by patients through your Website.

Information submitted through contact forms is only retained for a set period of time before being automatically deleted, complying with the GDPR requirement to only retain personal data as long as it is required. The retention period for data submitted through the Friends & Family Test or Practice Surveys can be set by the Practice.

All information submitted through secure forms is encrypted and can only be accessed by nominated Practice staff over a secure connection.

Each form on our GP Websites automatically includes a comprehensive privacy statement and a box which the patient must tick to indicate their consent to the information being used for the purposes indicated. The privacy statement on each contact form can be customised as required.

Each of our Practice Websites includes an automatically generated 'Website Privacy' page which describes all information collected by the Website and how it is safely handled.


Popular web browsers such as Chrome and Firefox, are moving quickly towards a position where any web page which is not HTTPS will be prominently flagged as not secure. You do not want your patients to have doubts about the security of your site. It may prevent them using the services contained therein and may generate more telephone enquiries instead.

Data Storage

All Website data is stored in a secure, ISO/IEC 27001 certified Rackspace data centre. ISO/IEC 27001 demonstrates best practice for an information security management system. Servers are proactively monitored for security, are virus scanned and are backed-up on a daily basis.

powered by rackspace

A range of technical steps are taken to ensure only authorised users can access the data submitted through your Website or can edit Website content. All content entered by Practice staff into websites is also scanned for potential issues.

Patients can be confident that their information is safe.

Our GP Website system was purpose-built from day one by a world class development team. It is bespoke and is not based on a free system such as Wordpress!

What's wrong with using Wordpress for our Practice Website?

Wordpress is widely used on the web, but it is also the #1 target for hackers!

Even keeping it up-to-date with the latest version is no guarantee your site won't fall victim to an attack.

It is an 'open source' system, which means that anyone can view the code which powers it. This is both its greatest strength and greatest weakness. Both genuine developers and hackers can pore over the code to find and either fix or exploit weaknesses.

Most Wordpress sites use one or more 'plugin' to offer additional functionality. These are usually developed by third parties and this can introduce new security risks.

Updates to correct serious security issues are released frequently, and Wordpress sites can be configured to automatically update themselves to the latest version when a new one is released. However, updates can break the design on sites using the system, so developers often leave this security feature turned off.

wordpress hacked

February 2017 - 1.5 million Wordpress pages hacked

question and answer

Oldroyd Publishing Group is Cyber Essentials certified.

cyber essentials certified

We are registered with the Information Commissioner's Office.

ICO Registration Numbers

Oldroyd Publishing Group Ltd - Z4956631
Neighbourhood Direct Ltd - Z4874377