If you have a contact form on your website, you need to have a secure website to be GDPR compliant. It is not just about GDPR compliance though; it is just the right thing to do. Your customer is trusting you with their data, and you need to show you are taking care of them. Personal data (in the example of a contact form) being the name, address and telephone number etc.
Do I need SSL if I don't have collect any personal data?Theoretically no, but practically yes. If your competitors have SSL, then customers are more likely to go with the secure site - regardless of whether there is a contact form or not. Visitors browsing from Chrome or Firefox will see security warnings against your website, which is not great for business. You can test this out for yourself. Find a website that is not "https" and open it up in either Chrome or Firefox. You will see a security warning is displayed in the browser address bar.
Benefits of a secured site:
- no security warnings
- padlock in browser address bar grows customer trust
- shows the business is making an effort, again, building customer trust
- if your competitors are insecure, you may get their business!