Being compliant doesn't have to be a bore

24 Oct 2021

Barry Fisher - Technical Director

The importance of balancing fun with compliance for web design.

When building a new website, it is all too easy to focus on the fun items - the branding, fonts, colours, imagery, and layout. But this overlooks some less glamorous components which are fundamental to your website's operational capabilities – being compliant with aspects such as data privacy, website security and disability access. Factoring these into the initial design allows for a better customer experience: they can be integrated seamlessly while remaining accessible and visible when necessary, which helps gain the user's trust.

Unfortunately, these key functional requirements can be difficult to implement retrospectively without delivering a clunky result. We are all familiar with cookie warnings and privacy policies popping up when first entering websites, and yet some firms are able to include them less obtrusively. Too often these matters are only considered just before launch, when a compliance or legal expert points out the requirements. Careful planning can avoid this unnecessary pressure point and prevent a well-designed website being compromised by late additions.

Data privacy - giving individuals control of their data

With rumours continuing to circulate about whether smart speakers record and report on us, Apple is now using data privacy tools as a marketing ploy for its new phones. By being up front about data privacy they are seeking to regain people's trust in technology.

Understandably, people value their privacy and feel uncomfortable when asked to provide personal information without understanding why, or who will use it. However, we generally accept that many of the efficiencies and benefits of the internet are only possible if we oblige with supplying some information about ourselves. For webforms, even though users are voluntarily completing them, we recommend including an opt-in marketing box and a link to your privacy notice. Having an up-to-date privacy policy will help as ultimately it is about ensuring the user feels in control.

This can be achieved by only asking for essential information, being open about why the data is required, how it will be used and how long it will be stored, and not using it for other purposes. Effectively, this is how we would like our own personal data to be treated. Unsurprisingly, this aligns with the core requirements of the General Data Protection Regulation (GDPR).

By considering data privacy during the website design, the site can flow more logically and avoid scary warnings being shoehorned in. When data privacy is incorporated well, the customer feels in control and will be more trusting of the website and company.

Data protection - looking after your customers' data

Having trusted a website with our personal data, the last thing we want to learn is that the site has been hacked. Stories of household brands being subject to data breaches are all too familiar. Sometimes the weakness is not the technology, but the staff, perhaps insecurely e-mailing customer data or clicking on a link in a spam mail.

Robust processes and policies, and effective training, will help mitigate these risks, but should be backed up with strong website security. A few simple steps can be taken during the website build to increase security and visibly reassure customers that their data is safe. Use an SSL (Secure Sockets Layer) certificate, a digital certificate that authenticates your website's identity and allows an encrypted connection between web server and web browser. Always incorporate reputable anti-malware, and ensure your website is kept up to date and compatible with the most recent browser upgrades which your customers use.

Accessibility of your website

Some of your customers will likely have a disability, or not be technology savvy. Factoring their needs into your web design will help them interact with you and possibly differentiate you from your competition. It also demonstrates to all of your customers that you are a considerate and inclusive firm.

Actions include having a large clear font option and having sufficient contrast between the colours you use, especially when placing text over pictures. If adding video content, consider including a subtitle option. Although simple steps, they are best incorporated during the design, so layouts aren't compromised.

Cookies

Cookies help websites tailor a visitor's experience and provide a more personal and convenient website experience. They do this by allowing the website to remember a visitor, their history, and preferences. Visitors should be provided with clear and comprehensive information about data storage and protection and the option to refuse access to their information and its storage. Being upfront and honest about cookies makes it easier for people to understand and opt in. The risks for non-compliance can be significant and give your legal and accounting teams sleepless nights.

EU and UK websites generally have a cookies page, but while details are 'in your face' when first accessing the site, they can often be less obvious when you want to review or change your preferences. We recommend including a cookie notice which is clearly visible when first accessing the website, linking to relevant information and requiring users to tick to confirm understanding. The cookie policy should also be accessible, but less visible, for future visits.

Maintaining compliance

Creating a compliant website is important not just because of legal requirements, but because it is the right thing to do. However, compliance needs to be maintained so that the website remains fit for purpose, ensuring its longevity and that of your business.

There are several third-party software as a service (SaaS) providers (iubenda.com, cookiebot.com and onetrust.com) that can ensure your website is legally compliant with your customers' local laws. They help you keep up with legislative changes so you don't need to be an expert on, and monitor, multiple territories. This can make the whole process easier, and when built into your site they minimise risks.

Fortunately, it is now relatively straightforward to build fun websites which provide a rich and seamless customer experience while embedding the compliance requirements of multiple regions. Unfortunately, there is nothing sexy about poorly accessible websites and not keeping customers' data secure!

For these reasons, we recommend that for new websites, compliance is one of the first considerations. Drupal and Pivale are the 'dream team' for bespoke web solutions such as websites, intranets and online software, and incorporate a high degree of security, privacy, and accessibility.

If you would like to discuss your requirements for a new website, or an upgrade to your current website, then please get in touch.
