
Being compliant doesn't have to be a bore

24 Oct 2021

Barry Fisher - Technical Director


The importance of balancing fun with compliance for web design.

When building a new website, it is all too easy to focus on the fun items - the branding, fonts, colours, imagery, and layout. But this overlooks some less glamorous components which are fundamental to your website's operational capabilities – being compliant with aspects such as data privacy, website security and disability access. Factoring these into the initial design allows for a better customer experience: they can be integrated seamlessly yet remain accessible and visible when necessary, which helps gain the user's trust.

Unfortunately, these key functional requirements can be difficult to implement retrospectively without delivering a clunky result. We are all familiar with cookie warnings and privacy policies popping up when first entering websites, and yet some firms are able to include them less obtrusively. Too often these matters are only considered just before launch, when a compliance or legal expert points out the requirements. Careful planning can avoid this unnecessary pressure point and prevent a well-designed website being compromised by late additions.

Data privacy - giving individuals control of their data

With rumours continuing to circulate about whether smart speakers record and report on us, Apple is now using data privacy tools as a marketing ploy for its new phones. By being up front about data privacy they are seeking to regain people's trust in technology.

Understandably, people value their privacy and feel uncomfortable when asked to provide personal information without understanding why, or who will use it. However, we generally accept that many of the efficiencies and benefits of the internet are only possible if we oblige by supplying some information about ourselves. For webforms, even though users are voluntarily completing them, we recommend including an opt-in marketing box and a link to your privacy notice. Having an up-to-date privacy policy will help, as ultimately it is about ensuring the user feels in control.

This can be achieved by only asking for essential information, being open about why the data is required, how it will be used and how long it will be stored, and not using it for other purposes. Effectively, this is how we would like our own personal data to be treated. Unsurprisingly, this aligns with the core requirements of the General Data Protection Regulation (GDPR).

By considering data privacy during the website design, the site can flow more logically and avoid scary warnings being shoehorned in. When data privacy is incorporated well, the customer feels in control and will be more trusting of the website and company.

Data protection - looking after your customers' data

Having trusted a website with our personal data, the last thing we want to learn is that the site has been hacked. Stories of household brands being subject to data breaches are all too familiar. Sometimes the weakness is not the technology, but the staff, perhaps insecurely e-mailing customer data or clicking on a link in a spam mail.

Robust processes and policies, and effective training, will help mitigate these risks, but should be backed up with strong website security. A few simple steps can be taken during the website build to increase security and visibly reassure customers that their data is safe. Use an SSL certificate (Secure Sockets Layer, the protocol now superseded by TLS), a digital certificate that authenticates your website's identity and allows an encrypted connection between web server and web browser. Always incorporate reputable anti-malware, and ensure your website is kept up to date and compatible with the most recent upgrades of the browsers your customers use.

Accessibility of your website

Some of your customers will likely have a disability, or not be technology savvy. Factoring their needs into your web design will help them interact with you and possibly differentiate you from your competition. It also demonstrates to all of your customers that you are a considerate and inclusive firm.

Actions include having a large clear font option and having sufficient contrast between the colours you use, especially when placing text over pictures. If adding video content, consider including a subtitle option. Although simple steps, they are best incorporated during the design, so layouts aren't compromised.


Cookies help websites tailor a visitor's experience and provide a more personal and convenient website experience. They do this by allowing the website to remember a visitor, their history, and preferences. Visitors should be provided with clear and comprehensive information about data storage and protection and the option to refuse access to their information and its storage. Being upfront and honest about cookies makes it easier for people to understand and opt in. The risks for non-compliance can be significant and give your legal and accounting teams sleepless nights.

EU and UK websites generally have a cookies page, but while details are 'in your face' when first accessing the site, they can often be less obvious when you want to review or change your preferences. We recommend including a cookie notice which is clearly visible when first accessing the website linking to relevant information and requiring users to tick to confirm understanding. The cookie policy should also be accessible, but less visible, for future visits.

Maintaining compliance

Creating a compliant website is important not just because of legal requirements, but because it is the right thing to do. However, compliance needs to be maintained to ensure the website remains fit for purpose and to ensure its longevity, and your business's.

There are several third-party software as a service (SaaS) providers that can ensure your website is legally compliant with your customers' local laws. They help you keep up with legislative changes so you don't need to be an expert on, and monitor, multiple territories. This can make the whole process easier, and when built into your site they minimise risks.

Fortunately, it is now relatively straightforward to build fun websites which provide a rich and seamless customer experience while embedding the compliance requirements of multiple regions. Unfortunately, there is nothing sexy about poorly accessible websites and not keeping customers' data secure!

For these reasons, we recommend that for new websites, compliance is one of the first considerations. Drupal and Pivale are the 'dream team' for bespoke web solutions such as websites, intranets and online software, and incorporate a high degree of security, privacy, and accessibility.

If you would like to discuss your requirements for a new website, or an upgrade to your current website, then please get in touch.

Barry Fisher - Director
