Category Archives: Regulations

GDPR for Town & Parish Council Websites

Frequently Asked Questions

We’re still getting lots of question from our town and parish council customers about how to make their websites GDPR compliant, so we’ve answered some of the most common questions below:

How does your website use and process personal information?

GDPR compliant privacy policy

GDPR and website security

GDPR and website cookies

GDPR and personal email accounts – Is it okay to use personal email for parish council business under GDPR?

Making your contact form GDPR compliant

How we can help

 

How does your website use and process personal information?

Your website collects personal data in a number of ways:

  • When you request information from users, such as if they fill in any form on your site to contact you or to subscribe to your newsletter
  • When users visit or log into your site cookies can be set on their computer
  • If you have any members areas/bulletin boards or the option for users to add comments

Back to top

GDPR compliant privacy policy

Your website should include the privacy policy for your town or parish council website, covering how you process information both on the website and in your general dealings. Your privacy policy should cover:

  • Do you collect data?
  • If so, why?
  • How do you use it?
  • Is it secure?
  • Do you share it with anyone?

All our websites include a built-in privacy policy page ready for you to add your policy to. This links into your site footer, so is visible from ever page on your website.

Back to top

GDPR and website security

You are responsible for the security of your user’s data if they fill out a form on your website, for example. Your website should have a SSL certificate installed so that the connection between the server and the user is encrypted, and information cannot be intercepted.

In addition all sites that do not have an SSL certificate installed are now being marked as ‘insecure’ by the major web browsers, so having an SSL certificate is now becoming essential for all websites.

All our websites include an SSL certificate set up and configured, as standard. You can read about the features we offer on our websites.

Back to top

GDPR and website cookies

If your website sets cookies (as nearly all websites do), you must inform the user that cookies are set and allow them to opt out. This is done using a cookie consent bar.

How can you tell if your website sets cookies?

Virtually all modern websites set cookies. If you log into your website to make updates, then a cookie is set to ‘remember’ that you have logged in. The exception is older style websites built using html, although some of these sites set cookies too.

All our websites come with a cookie consent bar as standard.

Back to top

GDPR and personal email accounts

If your parish clerk or your Councillors use personal email accounts you should consider setting up dedicated town or parish council ones. This means that if someone were to leave the council, that account could be deleted so that any personal information about individual parishioners it contains would be erased.

We can set up email accounts using your domain name. We offer both POP (where messages are stored on the user’s computer) and IMAP (where messages are stored on our server) accounts.
Back to top

Making your contact form GDPR compliant

GDPR states that you must inform the user that you are collecting data about them at the point of data collection. In practice this means that you contact form and any sign-up form should have a link to your privacy policy and a checkbox that users must click to confirm they accept.

Back to top


How can we help?

At Town and Parish Council Websites we are committed to providing fully GDPR compliant websites for local councils.

Please get in touch if you would like further information or fill out our quote form for us to provide you with a free, no-obligation quote.

Back to top

 

Website Accessibility Dos and Don’t s – a pictorial guide

Click on the images for a larger version

 

What the posters say

Designing for users on the autistic spectrum

Do

  • use simple colours
  • write in plain English
  • use simple sentences and bullets
  • make buttons descriptive – for example, Attach files
  • build simple and consistent layouts

Don’t

  • use bright contrasting colours
  • use figures of speech and idioms
  • create a wall of text
  • make buttons vague and unpredictable – for example, Click here
  • build complex and cluttered layouts

 

Designing for users of screen readers

Do

  • describe images and provide transcripts for video
  • follow a linear, logical layout
  • structure content using HTML5
  • build for keyboard use only
  • write descriptive links and heading – for example, Contact us

Don’t

  • only show information in an image or video
  • spread content all over a page
  • rely on text size and placement for structure
  • force mouse or screen use
  • write uninformative links and heading – for example, Click here

Designing for users with low vision

Do

  • use good contrasts and a readable font size
  • publish all information on web pages (HTML)
  • use a combination of colour, shapes and text
  • follow a linear, logical layout -and ensure text flows and is visible when text is magnified to 200%
  • put buttons and notifications in context

Don’t

  • use low colour contrasts and small font size
  • bury information in downloads
  • only use colour to convey meaning
  • spread content all over a page -and force user to scroll horizontally when text is magnified to 200%
  • separate actions from their context

 

Designing for users with physical or motor disabilities

Do

  • make large clickable actions
  • give form fields space
  • design for keyboard or speech only use
  • design with mobile and touch screen in mind
  • provide shortcuts

Don’t

  • demand precision
  • bunch interactions together
  • make dynamic content that requires a lot of mouse movement
  • have short time out windows
  • tire users with lots of typing and scrolling

Designing for users who are D/deaf or hard of hearing

Do

  • write in plain English
  • use subtitles or provide transcripts for video
  • use a linear, logical layout
  • break up content with sub-headings, images and videos
  • let users ask for their preferred communication support when booking appointments

Don’t

  • use complicated words or figures of speech
  • put content in audio or video only
  • make complex layouts and menus
  • make users read long blocks of content
  • don’t make telephone the only means of contact for users

Designing for users with dyslexia

Do

  • use images and diagrams to support text
  • align text to the left and keep a consistent layout
  • consider producing materials in other formats (for example, audio and video)
  • keep content short, clear and simple
  • let users change the contrast between background and text

Don’t

  • use large blocks of heavy text
  • underline words, use italics or write capitals
  • force users to remember things from previous pages – give reminders and prompts
  • rely on accurate spelling – use autocorrect or provide suggestions
  • put too much information in one place

 

2019 Transparency Code deadlines

Information to be published annually

The deadline for publishing the following information is 1 July 2019 (for information relating to the tax year 2018/2019).

  1. All items of expenditure above £100
  2. End of year accounts
  3. Annual governance statement
  4. Internal audit report
  5. List of Councillor or member responsibilities
  6. The details of public land and building assets

Information to be published more frequently than annually

  1. Draft minutes from all formal meetings (i.e. full council or board, committee and sub-committee meetings) not later than one month after the meeting has taken place. These minutes should be signed either at the meeting they were taken or at the next meeting
  2. Smaller authorities should also publish meeting agendas, which are as full and informative as possible, and associated meeting papers not later than three clear days before the meeting to which they relate is taking place

The data and information must be published on a website which is publicly accessible and free of charge.

 

Website accessibility regulations – applying for exemption

From 23 September 2020, all local council websites must be made accessible, unless the council can demonstrate that doing so would impose a disproportionate burden.

We believe that a lot of smaller parish and community councils would have grounds to apply for exemption for historical information on their websites – often local councils have minutes and agendas going back several years and it could be argued that converting all of these to accessible formats presents a disproportionate burden. However, if users need information to complete a task or access a service, even if it was published before 23 September 2018, you will need to provide it in an accessible format.

However, going forward local councils have no excuses not to present their documents and web pages in a way that is accessible to all. You can see the types of disabilities that should be considered when thinking about accessibility here Website Accessibility Dos and Don’t s – a pictorial guide.

To apply for exemption, a council must perform a disproportionate burden assessment. This should include

  • The size, resources and nature of the council
  • The estimated costs and benefits for the council in relation to the estimated benefits for persons with disabilities, taking into account the frequency and duration of use of the specific website

If the council determines that compliance would impose a disproportionate burden they must publish an accessibility statement. This must be in an accessible format and published on their website.

It must include the following:

  • An explanation of the parts of the content that are not accessible and reasons why
  • Where appropriate, a description of any accessible alternatives provided
  • A link to your contact form so that the user can request details of the information excluded or notify the council of any failure to comply
  • A link to the enforcement procedure that the user can access in the event of an unsatisfactory response to the notification or the request.

Website Accessibility – what is it and why does it matter?

Web accessibility means that websites, tools, and technologies are designed and developed so that people with disabilities can use them. More specifically, people can:

  • perceive, understand, navigate, and interact with the Web
  • contribute to the Web

As a local town, parish or community council, it is especially important that your website does not discriminate against users with disabilities. From 23 September 2020 (for existing websites) or 23 September 2019 (for new websites) there is a legal requirement for all public sector bodies to comply with the accessibility requirement, unless doing so would impose a disproportionate burden. You can read about applying for exemption here: Website accessibility regulations – applying for exemption

Web accessibility encompasses all disabilities that affect access to the Web, including:

  • auditory
  • cognitive
  • neurological
  • physical
  • speech
  • visual

Web accessibility also benefits people without disabilities, for example:

  • people using mobile phones, smart watches, smart TVs, and other devices with small screens, different input modes, etc.
  • older people with changing abilities due to ageing
  • people with “temporary disabilities” such as a broken arm or lost glasses
  • people with “situational limitations” such as in bright sunlight or in an environment where they cannot listen to audio
  • people using a slow Internet connection, or who have limited or expensive bandwidth

We’ll be publishing a series of articles about how to make your website accessible, so watch this space.

GDPR-compliant Contact Forms

GDPR states that you need to inform users about what information you are collecting about them, how long you intend to store it and what you intend to use it for at the point of collecting the information.

This means that at the top of your contact form or contact us page you need to have a prominent link to your privacy policy and a statement saying that you are collecting personal information, and by submitting the form or sending you an email, users are agreeing to this. You should also include a link to your privacy policy so that your users can find further information.

If you want to be extra careful, you can have a check box on your form that users must check to confirm that they have read and accept your privacy statement. It is possible to add one of these check boxes that will not allow the user to submit the form until the box has been checked.