Online compliance – ensuring your websites, portals, e-commerce stores, apps and tools comply with the applicable legislation – is important in protecting your business and also presents an opportunity to build trust and foster customer loyalty.
At Workingtree Studio, privacy by design (like performance and security) is embedded into our services, and we can provide the expertise that gives you the peace of mind that comes with compliance and eases your path to it.
GDPR
The General Data Protection Regulation (GDPR) imposes obligations on organisations if they target or collect data related to people in the EU.
The aim is to protect the privacy rights of individuals in the European Union (EU) and European Economic Area (EEA) by giving them control over how their personal data is processed (stored and used) online. There are penalties for non-compliance (and the potential for reputational damage).
Under the GDPR, your business must collect and process personal data only for the specified, explicit purposes you tell the data subjects about at the outset. You must have a lawful basis for each processing activity (consent is one such basis, and the one most website features rely on), keep a record of what you process and why, and must not use the data for a new, incompatible purpose without going back to the data subjects for fresh consent or another lawful basis.
Working with us
We can guide you through the legislation and the different responsibilities for the data controller and the data processor (along with how to navigate the grey areas).
We can also provide the insights that only come from working with many companies in the public and private sectors: for example, the importance of communication, of keeping your Data Protection Officer (or other responsible individual) involved whenever decisions are made, and of just how much compliance a well written and comprehensive privacy policy can deliver.
And, of course, we can advise on the practical steps you need to take:
Know the data you hold – understand what personal data you hold, where it is stored, and who has access to it.
Have a privacy policy and keep it updated – to inform your visitors about how you collect, use, store, and disclose their personal data, their rights and your obligations to them.
Gain consent – for cookies, forms and marketing activities.
Have a cookie banner – and don’t load cookies without users’ explicit consent (opt-in).
Provide data rights access – a method for users to access, modify or delete their data.
Review third-party services – ensure that any third-party services your site uses (analytics, fonts, embeds, payments) process personal data lawfully and are covered by a written data processing agreement.
Secure your site, app or tool – take the right technical and organisational steps to protect the data stored.
Prepare an action plan – so you know what to do, and whom to notify, in the event of a data breach.
Review international data transfers – if your website, or a service it relies on, transfers personal data from the EU to non-EU countries.
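As an added illustration of the cookie-banner step above (example code, not Workingtree Studio's own implementation), the following browser-side script keeps every non-essential script unloaded until the visitor has explicitly opted in, and treats a missing, malformed or tampered consent cookie as "no consent". The cookie name cookie_consent, the category names, the element ids and the script URLs are placeholders chosen for the example.

```javascript
// Added example (not Workingtree Studio's code): opt-in gating of non-essential
// scripts. Nothing in the 'analytics' or 'marketing' categories is loaded until
// the visitor has explicitly consented; the default is "no consent".
// The cookie name, category names, element ids and script URLs are placeholders.

const CONSENT_COOKIE = 'cookie_consent';            // assumed cookie name
const OPTIONAL_CATEGORIES = ['analytics', 'marketing'];

// Scripts that must stay unloaded until their category is opted in (placeholder URLs).
const GATED_SCRIPTS = [
  { category: 'analytics', src: 'https://analytics.example/collect.js' },
  { category: 'marketing', src: 'https://ads.example/pixel.js' },
];

// Default state: only strictly necessary cookies, no decision recorded yet.
function defaultConsent() {
  return { necessary: true, analytics: false, marketing: false, decidedAt: null };
}

// Parse the consent record out of a document.cookie / Cookie-header string.
// A missing, malformed or non-boolean value is treated as "not consented".
function parseConsent(cookieString) {
  const consent = defaultConsent();
  if (typeof cookieString !== 'string' || cookieString === '') return consent;
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    if (part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    let record;
    try {
      record = JSON.parse(decodeURIComponent(part.slice(eq + 1).trim()));
    } catch (err) {
      return consent;                              // malformed cookie: no consent
    }
    if (!record || typeof record !== 'object') return consent;
    for (const cat of OPTIONAL_CATEGORIES) {
      consent[cat] = record[cat] === true;         // only an explicit boolean true counts
    }
    consent.decidedAt = typeof record.decidedAt === 'string' ? record.decidedAt : null;
    return consent;
  }
  return consent;
}

// Build the value for the first-party consent cookie itself. Recording the
// decision is strictly necessary, so this cookie may be set without consent.
function serialiseConsent(choices, now = new Date()) {
  const record = { decidedAt: now.toISOString() };
  for (const cat of OPTIONAL_CATEGORIES) record[cat] = choices[cat] === true;
  const value = encodeURIComponent(JSON.stringify(record));
  // 180-day retention is an assumed policy value; first-party, HTTPS only.
  return `${CONSENT_COOKIE}=${value}; Max-Age=${180 * 24 * 3600}; Path=/; SameSite=Lax; Secure`;
}

// The gated script URLs that are allowed to load under a given consent record.
function scriptsToLoad(consent) {
  return GATED_SCRIPTS.filter((s) => consent[s.category] === true).map((s) => s.src);
}

// Browser glue: inject only the permitted scripts, and each only once.
function applyConsent(consent, doc) {
  for (const src of scriptsToLoad(consent)) {
    if (doc.querySelector(`script[src="${src}"]`)) continue;   // already loaded
    const el = doc.createElement('script');
    el.src = src;
    el.async = true;
    doc.head.appendChild(el);
  }
}

// Wire-up when running in a page: no decision yet means the banner stays up and
// nothing optional loads; otherwise the stored decision is honoured.
if (typeof document !== 'undefined') {
  const consent = parseConsent(document.cookie);
  if (consent.decidedAt === null) {
    const accept = document.getElementById('consent-accept');   // placeholder id
    if (accept) {
      accept.addEventListener('click', () => {
        const choices = {
          analytics: document.getElementById('consent-analytics').checked,
          marketing: document.getElementById('consent-marketing').checked,
        };
        document.cookie = serialiseConsent(choices);
        applyConsent(parseConsent(document.cookie), document);
      });
    }
  } else {
    applyConsent(consent, document);
  }
}
```

The important design choice is that every failure path (no cookie, unparseable JSON, a value such as the string "true" or the number 1 rather than the boolean true) resolves to no consent, so a broken or tampered cookie can never cause a tracking script to load.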
Web Content Accessibility Guidelines (WCAG)
The guidelines define how to make web content more accessible to people with disabilities, including visual, auditory, physical, speech, cognitive, language, learning, and neurological disabilities.
Different standards apply to different types of site, with public sector sites required to meet a more stringent level. For public sector sites and apps in Europe, WCAG 2.1 is now essential, with WCAG 2.2 due to follow at the end of 2024. For non-public sector sites and apps, WCAG 2.0 is desirable and we recommend working towards WCAG 2.1.
Working with us
As standard, our design principles include:
Careful design of navigability and hierarchy of information.
REMs as the unit of measurement – so text and layout scale with the user's own browser settings.
Pages and posts structured to appear and operate in predictable ways.
Built into our development workflow – fully semantic markup, alt text, standard text formatting, captioning, labelling and form values.
We can guide you through the standards – how to comply and how to test compliance, and we can implement the necessary code, either as a standalone service for an existing site, app or tool or as part of a development process we are undertaking for you.
Our approach is client-centric and agile. The process will vary according to the project and your preferences, but the general outline is likely to be as follows:
The process
- Initial meeting – Establish roles and responsibilities, preferred ways of working.
- Discovery phase – Gather knowledge and supporting data from you. Explore with you in detail the project goals and audiences. Together, set success metrics and finalise a project plan. Supply a cost breakdown and a statement of work.
- (You may have completed the Initial meeting and Discovery phase with us as part of another process).
- Set-up phase – Together, examine the legislation applicable. Identify who should be involved (your Data Protection Officer or equivalent) and establish communication. Clarify where the data controller and processor responsibilities lie. Produce a roadmap to compliance setting out the steps required. Advise on the policies necessary. Set out any technical measures that will need to be added during development.
- Code implementation phase – we can make any coding changes necessary to an existing site, or we can make them to a site we are developing with you as part of the Web development, e-commerce, Digital marketing or Content creation process, continuously testing to the standard you require using tools such as axe, WAVE and the accessibility features in Chrome DevTools and the Firefox Accessibility Inspector.
- Checking phase – Undertake a comprehensive check (this can be incorporated into the ‘Final testing phase’ of the relevant process).
- (For sites, apps and tools that are already in use, a GDPR compliance audit or a WCAG compliance audit will reveal any compliance issues in relation to the applicable standard with actionable recommendations).
GDPR compliance audit
For sites that are already in use, we have developed an audit process that will reveal any compliance issues in relation to the applicable standard.
The Discovery phase will be similar to that for a new project. Then, informed by project goals and research, we will undertake an evidence-based assessment of your current level of compliance and provide information and recommendations for improvements.
This will comprise an examination of governance factors:
Leadership, training and awareness, privacy by design, privacy management, risk management, the upholding of individuals’ rights, international data transfers, agreements with processors and supplier contracts.
And a review of a sample of GDPR-related documents:
Data protection policy, privacy notices (internal and external), data breach policy, process and logs, agreements with processors, data processing agreements with customers and suppliers, records of processing activities (RoPA), information security policy, job descriptions and template employment contracts.
We will produce an audit report, containing a clear set of insights and actionable recommendations.
WCAG compliance audit
We have developed an audit process that will reveal any compliance issues in relation to the applicable standard. Our experts work with a range of best-in-class accessibility testing tools to provide you with the advice and recommendations needed to support you in meeting your WCAG requirements.
The report will examine whether users are able to:
Use a screen reader – to ‘read’ content out loud.
Use a screen magnifier – to enlarge part or all of a screen.
Use voice commands – to navigate the site.
Use a keyboard – to operate the site.
Easily understand link text – for example a description of the destination instead of ‘click here’.
Access important graphics and controls – through sufficient colour contrast.
Access meaningful alt text for images.
Access semantically marked-up forms.
We will provide an assessment of (and guidance for producing and publishing) the Accessibility Statement.
We will produce an audit report, containing a clear set of insights and actionable recommendations, with a ‘roadmap’ of fixes to be carried out. As part of the service we provide a follow-up audit.