An SSL certificate is used to encrypt the traffic between your site visitor and your website and when active displays as a padlock in your web browser address bar. This helps to ensure a safer environment for your business to receive information over the internet such as credit card details or even personal information on contact forms and helps to prevent some types of attack. However, it should be said it does not protect the information once received. That is controlled by keeping your website and the server it’s hosted on upto date, applying security patches, encryption of data inside data stores (databases) etc.
Several years ago SSL certificates were viewed as only required for e-commerce sites and were relatively expensive. In recent years this has changed with the setup of an organisation called Let’s Encrypt. Now all sites on good hosts should be able to easily and freely setup basic certificates to protect traffic.
With the advent of GDPR and the fact that Google now ranks sites more favourably with SSL certificates than those without it’s considered unwise (and may fall foul of GDPR) to run a site without at least a basic certificate.