It's just mind boggling to me that this site (alpha, beta or whatever) has got anywhere near the live internet without HTTPS. There is absolutely no excuses for it not to have been implemented from day one, this is apparently a professional web development company. It worries me enormously that a statement like "The new system will eventually be GDPR compliant" is even uttered. Eventually? It should be compliant now!!
I don't want to diss the site as I think it looks pretty good. A few things, as I said earlier, need tidying up but overall it looks fine. But the members need confidence that the site will be secure, sustainable and money well spent, the annual maintenance fee is enormous IIRC. The HTTPS issue is not helping with that confidence at the moment.