24 October, 2021

Being compliant doesn't have to be a bore

#Security & compliance

Written by

Barry Fisher

Founder & CEO


Designing and developing websites is fun. It's why we get out of bed in the morning. But there's an important balance to be struck between fun and compliance. Being compliant doesn't have to be a bore, though, as we explore in this article.

When building a new website, it is all too easy to focus on the fun items - the branding, fonts, colours, imagery, and layout. But this overlooks some less glamorous components which are fundamental to your website's operational capabilities – being compliant with aspects such as data privacy, website security and disability access. Factoring these into the initial design allows for a better customer experience: they can be integrated seamlessly, yet remain accessible and visible when necessary, which helps gain the user's trust.

Unfortunately, these key functional requirements can be difficult to implement retrospectively without delivering a clunky result. We are all familiar with cookie warnings and privacy policies popping up when first entering websites, and yet some firms are able to include them less obtrusively. Too often these matters are only considered just before launch, when a compliance or legal expert points out the requirements. Careful planning can avoid this unnecessary pressure point and avoid a well-designed website being compromised by late additions.

Data privacy - giving individuals control of their data

With rumours continuing to circulate about whether smart speakers record and report on us, Apple is now using data privacy tools as a marketing ploy for its new phones. By being up front about data privacy they are seeking to regain people's trust in technology.

Understandably, people value their privacy and feel uncomfortable when asked to provide personal information without understanding why, or who will use it. However, we generally accept that many of the efficiencies and benefits of the internet are only possible if we oblige with supplying some information about ourselves. For webforms, even though users are voluntarily completing them, we recommend including an opt-in marketing box and a link to your privacy notice. Having an up-to-date privacy policy will help as ultimately it is about ensuring the user feels in control.

This can be achieved by only asking for essential information, being open about why the data is required, how it will be used, how long it will be stored and not using it for other purposes. Effectively, this is how we would like our own personal data to be treated. Unsurprisingly this aligns with the core requirements of the General Data Protection Regulation (GDPR).

By considering data privacy during the website design, the site can flow more logically and avoid scary warnings being shoehorned in. When data privacy is incorporated well, the customer feels in control and will be more trusting of the website and company.

Data protection - looking after your customer's data

Having trusted a website with our personal data, the last thing we want to learn is that the site has been hacked. Stories of household brands being subject to data breaches are all too familiar. Sometimes the weakness is not the technology, but the staff, perhaps insecurely e-mailing customer data or clicking on a link in a spam mail.

Robust processes and policies, and effective training will help mitigate these risks, but should be backed up with strong website security. A few simple steps can be taken during the website build to increase security and visibly reassure customers that their data is safe. Use an SSL (Secure Sockets Layer) certificate, a digital certificate that authenticates your website's identity and allows an encrypted connection between web server and web browser. Always incorporate reputable anti-malware and ensure your website is kept up to date and compatible with the most recent browser upgrades which your customers use.

Accessibility of your website

Some of your customers will likely have a disability, or not be technology savvy. Factoring their needs into your web design will help them interact with you and possibly differentiate you from your competition. It also demonstrates to all of your customers that you are a considerate and inclusive firm.

Actions include having a large clear font option and having sufficient contrast between the colours you use, especially when placing text over pictures. If adding video content, consider including a subtitle option. Although simple steps, they are best incorporated during the design, so layouts aren't compromised.

Cookies

Cookies help websites tailor a visitor's experience and provide a more personal and convenient website experience. They do this by allowing the website to remember a visitor, their history, and preferences. Visitors should be provided with clear and comprehensive information about data storage and protection and the option to refuse access to their information and its storage. Being upfront and honest about cookies makes it easier for people to understand and opt in. The risks for non-compliance can be significant and give your legal and accounting teams sleepless nights.

EU and UK websites generally have a cookies page, but while details are 'in your face' when first accessing the site, they can often be less obvious when you want to review or change your preferences. We recommend including a cookie notice which is clearly visible when first accessing the website linking to relevant information and requiring users to tick to confirm understanding. The cookie policy should also be accessible, but less visible, for future visits.

Maintaining compliance

Creating a compliant website is important not just because of legal requirements, but because it is the right thing to do. However, compliance needs to be maintained to ensure the website remains fit for purpose, ensuring its longevity and your business's.

There are several third-party software as a service (SaaS) providers (iubenda.com, cookiebot.com and onetrust.com) that can ensure your website is legally compliant with your customers' local laws. They help you keep up with legislative changes so you don't need to be an expert on, and monitor, multiple territories. This can make the whole process easier, and when built into your site they minimise risks.

Fortunately, it is now relatively straightforward to build fun websites which provide a rich and seamless customer experience while embedding the compliance requirements of multiple regions. Unfortunately, there is nothing sexy about poorly accessible websites and not keeping customers' data secure!

For these reasons, we recommend that for new websites, compliance is one of the first considerations. Drupal and Pivale are the 'dream team' for bespoke web solutions such as websites, intranets and online software and incorporate a high degree of security, privacy, and accessibility.

If you would like to discuss your requirements for a new website, or an upgrade to your current website, then please get in touch.


Barry is our founder and CEO, responsible for delivering on our mission statement and ensuring return on investment for our clients. Barry oversees the majority of our software projects. Barry is a Business degree graduate of Middlesex University London.
