
Being compliant doesn't have to be a bore

24 Oct 2021

Barry Fisher - Technical Director


The importance of balancing fun with compliance for web design.

When building a new website, it is all too easy to focus on the fun items - the branding, fonts, colours, imagery, and layout. But this overlooks some less glamorous components which are fundamental to your website's operational capabilities - being compliant with aspects such as data privacy, website security and disability access. Factoring these into the initial design allows for a better customer experience: they can be integrated seamlessly, yet remain accessible and visible when necessary, which helps gain the user's trust.

Unfortunately, these key functional requirements can be difficult to implement retrospectively without delivering a clunky result. We are all familiar with cookie warnings and privacy policies popping up when first entering websites, and yet some firms are able to include them less obtrusively. Too often these matters are only considered just before launch, when a compliance or legal expert points out the requirements. Careful planning can avoid this unnecessary pressure point and prevent a well-designed website being compromised by late additions.

Data privacy - giving individuals control of their data

With rumours continuing to circulate about whether smart speakers record and report on us, Apple is now using data privacy tools as a marketing ploy for its new phones. By being up front about data privacy they are seeking to regain people's trust in technology.

Understandably, people value their privacy and feel uncomfortable when asked to provide personal information without understanding why, or who will use it. However, we generally accept that many of the efficiencies and benefits of the internet are only possible if we oblige by supplying some information about ourselves. For webforms, even though users are voluntarily completing them, we recommend including an opt-in marketing box and a link to your privacy notice. Having an up-to-date privacy policy will help as ultimately it is about ensuring the user feels in control.

This can be achieved by only asking for essential information, being open about why the data is required, how it will be used and how long it will be stored, and not using it for other purposes. Effectively, this is how we would like our own personal data to be treated. Unsurprisingly, this aligns with the core requirements of the General Data Protection Regulation (GDPR).

By considering data privacy during the website design, the site can flow more logically and avoid scary warnings being shoehorned in. When data privacy is incorporated well, the customer feels in control and will be more trusting of the website and company.

Data protection - looking after your customers' data

Having trusted a website with our personal data, the last thing we want to learn is that the site has been hacked. Stories of household brands being subject to data breaches are all too familiar. Sometimes the weakness is not the technology, but the staff, perhaps insecurely e-mailing customer data or clicking on a link in a spam mail.

Robust processes and policies, and effective training will help mitigate these risks, but should be backed up with strong website security. A few simple steps can be taken during the website build to increase security and visibly reassure customers that their data is safe. Use an SSL (Secure Sockets Layer) certificate, a digital certificate that authenticates your website's identity and allows an encrypted connection between web server and web browser. Always incorporate reputable anti-malware and ensure your website is kept up to date and compatible with the most recent browser upgrades which your customers use.

Accessibility of your website

Some of your customers will likely have a disability, or not be technology savvy. Factoring their needs into your web design will help them interact with you and possibly differentiate you from your competition. It also demonstrates to all of your customers that you are a considerate and inclusive firm.

Actions include having a large clear font option and having sufficient contrast between the colours you use, especially when placing text over pictures. If adding video content, consider including a subtitle option. Although simple steps, they are best incorporated during the design, so layouts aren't compromised.

Cookies

Cookies help websites tailor a visitor's experience and provide a more personal and convenient website experience. They do this by allowing the website to remember a visitor, their history, and preferences. Visitors should be provided with clear and comprehensive information about data storage and protection and the option to refuse access to their information and its storage. Being upfront and honest about cookies makes it easier for people to understand and opt in. The risks of non-compliance can be significant and give your legal and accounting teams sleepless nights.

EU and UK websites generally have a cookies page, but while details are 'in your face' when first accessing the site, they can often be less obvious when you want to review or change your preferences. We recommend including a cookie notice which is clearly visible when first accessing the website linking to relevant information and requiring users to tick to confirm understanding. The cookie policy should also be accessible, but less visible, for future visits.

Maintaining compliance

Creating a compliant website is important not just because of legal requirements, but because it is the right thing to do. However, compliance needs to be maintained to ensure the website remains fit for purpose, and to ensure its longevity and your business's.

There are several third-party software as a service (SaaS) providers (iubenda.com, cookiebot.com and onetrust.com) that can ensure your website is legally compliant with your customers' local laws. They help you keep up with legislative changes so you don't need to be an expert on, and monitor, multiple territories. This can make the whole process easier, and when built into your site they minimise risks.

Fortunately, it is now relatively straightforward to build fun websites which provide a rich and seamless customer experience while embedding the compliance requirements of multiple regions. Unfortunately, there is nothing sexy about poorly accessible websites and not keeping customers' data secure!

For these reasons, we recommend that for new websites, compliance is one of the first considerations. Drupal and Pivale are the 'dream team' for bespoke web solutions such as websites, intranets and online software and incorporate a high degree of security, privacy, and accessibility.

If you would like to discuss your requirements for a new website, or an upgrade to your current website, then please get in touch.
