Recommended Agency

text controls: full graphical version | A A A

Excited to put into practise some of the advice @ValuableContent gave at their workshop for @Bristol_Media yesterda…, posted 2 months ago

RSS feed icon What is RSS?


Displaying articles 1 - 10 of 370 in total

GDPR What does this mean for businesses?

If you’ve read our other posts on the GDPR - Introduction to GDPR and What it means for Individuals - you’re probably well informed about the basics. If you haven’t, here’s a brief overview to start you off.

The General Data Protection Regulation (GDPR) is the replacement for the Data Protection ACT (DPA). It comes into effect on the 25th May 2018 and is regulated by the Information Commissioner's Office (ICO) in the UK. Although the GDPR does share a lot of similarities with the DPA, there are some significant changes that will need thought and preparation in order to adhere to and avoid complaint or fines.

At first glance GDPR may seem like a regulation that will affect only web companies, but really it’s a change for all businesses that hold people’s personal details -  from commerce to banking; from recruiters to universities and hospitals. 

GDPR will mean big changes to how you gather, hold and share contact information but this transition doesn’t need to be painful, there are some steps you can start taking right now that will help the process run smoothly. 

Following the guidelines from the Information Commissioner's Office (ICO) we’ve outlined a twelve step checklist.

Step 1: Awareness

Decision makers and key people in your organisation should be aware that the data protection laws are changing. You could also hold a knowledge share to get the whole staff on board - everyone needs to appreciate the impact this is likely to have and help to identify areas that could cause compliance problems under the GDPR. If you have a risk register, this would be a great place to start.

Many organisations, especially those with larger or more complicated structures may have to take on extra staff in order to adhere to and maintain the GDPR.

Step 2. Information you hold
Do you know what personal data your organisation holds? Do you know where it’s held and who is responsible for sourcing and updating it? Every business will need to know this information to comply with the GDPR’s accountability principle. 

A great starting point is to conduct an information audit across the organisation. The GDPR will require you to keep records of how you process personal data; if you’ve passed incorrect data on you’ll need to make sure whoever’s using it now has the correct information. Getting a handle on what personal data you hold, where it came from and who you share it with now will mean proper data protection principles will be second nature by the time the GDPR comes into force. 

Step 3: Communicating privacy information

If you have a privacy notice, now would be a great time to update it. If you don’t have a privacy notice, you need to find out how your organisation is communicating who you are and what you’re going to do with the personal data you’re collecting. There are many online tools that can help you to write your Privacy Notice.

Under the GDPR you will need to give people more information when you collect personal data, such as your lawful basis for processing the data, how long you intend to hold onto it and that they can complain to the ICO if they think there’s an issue with how you’re handling their data. You need to explain this in concise, easy to understand language and it can’t be buried somewhere at the bottom of the page. The ICO’s Privacy notices code of practice has been updated to comply with the requirements of the GDPR. 

Step 4: Individuals’ rights 

As covered in our post on the individual’s rights under the GDPR, Individuals rights will include

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling

For the most part, these are similar to the individual’s rights under the Data Protection Act (DPA) but there have been some significant upgrades. If your organisation already accommodates the DPA rights, the transition to the GDPR should be fairly seamless. This is a great opportunity to check that you meet the eight rights above and upgrade your processes if you’re not quite there yet.

One process to check is what you would do if someone contacted you and said they wanted their personal data deleted from your system. Who has the authority to delete that data? Would your system allow it to be located easily? Did you pass the data on to anyone else? If the data needed to be moved to another company, is it in a standard, machine-readable format?

If you have data from years ago collecting dust in ad hoc spreadsheets now would be the time to discuss with your organisation if it’s time to streamline your database. 

Step 5: Subject access requests
People may ask to access their personal data and they have every right to but there are some guidelines on how this will work under the new regulation.

Currently organisations have 40 days to comply with a data request - this will be one month under the GDPR and, in most cases, you will not be able to charge for this. You can refuse requests that are unfounded or excessive but you must explain why. The individual then has a right to complain to the supervisory authority.

If your organisation gets a lot of requests for access, think about if you would be able to meet these within the new timeframe. if not - what systems could you put in place to either speed things up or let individuals easily and securely access their own data online?

Step 6: Lawful basis for processing personal data
You need to know why your organisation collects personal information and what your legal basis for processing it is. 

This may not have been something you’ve thought about before but you’ll need to know - if you don’t have a strong reasoning, an individual has every right to ask you to delete their personal data (see Step 4) and you must respect their wishes. 

If your CRM, website or company address book is full of contact details that you’re not using, discuss auditing the information now to save your organisation time after the GDPR.

Step 7: Consent

You may currently ask for consent when you acquire personal data but how is this information managed? Could you find a record of the consent if asked? 

Check if your consent process meets the GDPR standard and refresh it if it doesn’t.

Consent must be freely given, specific, informed and unambiguous. Opt-in must be positive and consent cannot be inferred from silence, pre-ticked boxes or inactivity. It must be kept separate from other terms and conditions, and withdrawing consent should be simple.

Step 8: Children
Most organisations will have a very clear idea of whether or not they hold the personal data of children on file so will know whether or not this will affect them. 

However, under the GDPR, you will need to the consent of a parent or guardian to process the data of anyone under the age of 16 (this may be lowered to a minimum of 13 in the UK) so it would be worth finding out how you verify the age of anyone you collect personal data from. If you do collect children’s personal data, you could make sure that your privacy notice is written in language that can be understood by someone under 16. 

Step 9: Data breaches
The ICO takes data breaches very seriously and some organisations are already required to notify them when they suffer a personal data breach. Under the GDPR all organisations will be 
likely to result in a risk to the rights and freedoms of individuals.

If the breach could result in an individual facing discrimination, damage to reputation or financial loss (for example) you will have 72 hours to notify the ICO and you may need to identify the individuals at risk too. Failure to report a breach could lead to a hefty fine as well as a fine for the breach itself. 

For a lot of organisations this is the most concerning aspect of the changes the GDPR will bring with it - whether your company is large or small, it would be a good idea to discuss what you would do in the case of a data breach and think about putting procedures in place for everyone to follow if they suspect one.

Step 10: Data Protection by Design and Data Protection Impact Assessments
Privacy by Design has always been a good idea but under the GDPR it will be a legal requirement. This means that privacy and data protection compliance are considered from the start of a project through to the end. Privacy Impact Assessments (PIAs) are a good way to determine whether you’re working in a way that promotes Privacy by Design. Under the GDPR PIAs will become ‘Data Protection Impact Assessments’ (DPIAs) and will be mandatory under certain circumstances.

A DPIA is required when data processing is likely to put individuals personal data at risk e.g. where a new technology is being deployed, where a profiling operation is likely to significantly affect individuals, or where there is processing on a large scale of special categories of data. If a DPIA shows that the data processing is high risk, and you can’t address those risks, you will have to consult the ICO to seek its opinion on whether the processing operation complies with the GDPR.

The Article 29 Working Party has details on how PIAs can link to other processes such as risk management and project management.

Step 11: Data Protection Officers
Organisations such as public authorities, large businesses or companies that carry out the regular and systematic monitoring of individuals on a large scale should appoint a Data Protection Officer (DPO). 

The DPO will be responsible for data protection compliance and will be an authority on both what the ICO requires for your organisation to meet the GDPR and the data processing procedures within your organisation. This is an important role and appointment should not be taken lightly. The DPO will need to be fully supported by the team to be able to work effectively.

Step 12: International
If all your offices are in the UK and you only conduct business here then you only need to adhere to the information provided by the ICO.

If you conduct business in more than one EU member state, you need to figure out who your lead data protection supervisory authority is. Whichever EU State your main office is in (or wherever your main processing decisions are made) they will be the authority in charge of GDPR for the region.


It could be argued that it doesn’t make sense for UK companies to overhaul their systems to meet EU legislation when the UK plans to leave the EU in the next two years. However, GDPR will come into effect in May 2018, long before Brexit officially happens so UK companies will not be exempt from GDPR legislation.

In October of 2016, Karen Bradley, secretary of state for Culture, Media and Sport was quoted as saying "We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public."

Click here to see our Intro to the GDPR

Click here to find out what the GDPR means for Individuals

If you would like to talk about changes you can make to your company website in relation to GDPR, call us on 0117 9498008 or email

For more details on the GDPR, see the ICO website

Frances Smolinski

Created on Wednesday May 16 2018 04:03 PM

Tags: gdpr

Comments [0]

GDPR - What does this mean for individuals?

The General Data Protection Regulation (GDPR) is coming into force on the May 25th 2018. The GDPR is widely viewed as good news for individuals. It will be easier than ever before for you to take control of your personal information and the privacy of your data.

You’ll be able to decide who you want processing your information and who you don’t - it should be as easy to withdraw consent as to grant it.

The Information Commissioner's Office (ICO) has laid out clear rights that the GDPR will give everyone. Under this new regulation you now have the following rights -

• the right to be informed -
If a business wants your data, you have a right to know why, if they’re already using it you have the right to know where they got it from. The GDPR aims to take the power over your personal information from the hands of businesses and put it back into yours. 

• the right of access -

Provided you’re asking for a valid reason and your requests aren’t repetitive to the point of nuisance, you have the right to access the information an organisation has on you, free of charge.

• the right to rectification -
If you discover that a business holds your personal data and it’s incorrect or incomplete, you can request that they change it and they must rectify the error within 1 month of that request.

• the right to erasure -
A.K.A ’the right to be forgotten’ - if an organisation has no significant reason to keep your data they must delete it if you ask. The hope is that this will go some way to stopping nuisance calls and spam emails in their tracks.

• the right to restrict processing -
If an organisation has to keep your data (e.g. for legal reason or reference) you can still block it from being processed any further. If the company does use that data or pass it on, you will be able to report them to the relevant supervisory authority (the ICO in the UK)

• the right to data portability -
Changing service providers can be a surprisingly difficult and overwhelming errand at the best of times but, under the GDPR, If you want to move bank, insurer or even social media site all your personal data must be provided in a common, easy to access format, for free, within a month.

• the right to object -
Under the GDPR, you have the right to object to your data being held, processed, or being used to profile you for direct marketing. Just one more way in which the GDPR aims to give individuals back control of their information. 

• the right not to be subject to automated decision-making including profiling -
Often companies will use data to make assumptions about a customer or even a potential customer. These assumptions can be harmless but they can also become annoying or even upsetting. Under the GDPR, a company may not use your data to predict personal details such as health, personal preferences or location.

Moving Forward

As an individual, you don’t have to do anything to prepare for the GDPR but it is important to know your rights once it comes into force and to speak up if your data’s being mishandled.

A lot of businesses are getting ready right now, so you will start to see or have already seen sign up pages with more information than before, you may also have seen emails asking you to confirm if you still want to be on mailing lists. It’s going to be a big change but it should be a positive one.

Click here to see our Intro to the GDPR

Click here to find out what the GDPR means for Businesses

If you would like to talk about changes you can make to your company website in relation to GDPR, call us on 0117 9498008 or email

For more details on the GDPR, see the ICO website

Frances Smolinski

Created on Tuesday May 08 2018 03:51 PM

Tags: gdpr

Comments [0]

GDPR - what does it all mean?

The Data Protection act is changing. From the 25th of May 2018 the EU is giving people more control over who holds their information and what they can use it for. This change is due to the General Data Protection Regulation (GDPR) which, in the UK, will be managed by the Information Commissioner's Office (ICO).

After the GDPR is in place websites will no longer be able to hold someone's details without their consent and will have to delete these details if asked. This is to give the public more control over their personal information as well as a say in the quality and quantity of the information they receive and who is able to contact them personally.

This new regulation also hopes to improve privacy, eliminate data profiling and protect children - parents/carers would need to give permission to process data of anyone under 16 years of age.

Unlike previous versions of the Data Protection Act (DPA) the GDPR will be strongly reinforced in order to promote accountability and governance.  Businesses will have to adhere to a 72 hours deadline for reporting data breaches as well as paying hefty fines if found to be in violation of the GDPR - fines of up to 4% of Global Annual Revenue or €20 million, whichever is greater.  Businesses that hold a large amount of data will have to appoint a Data Protection Officer (DPO) although it will be considered best practice for all businesses to appoint one.


As the United Kingdom will still be part of the EU when the GDPR takes effect in May 2018, UK businesses will also need to be ready. As any business worldwide who does business within the EU will have to follow these regulations, it's likely that the UK will pass a similar regulation post Brexit to encourage continued trade with the EU.

Put Simply

You'll be able to have your data stored by who you want, where you want, when you want. No company will be able to stop you from asking them to 'forget' your name, phone number, email address, physical address or any sensitive information about you. If you want to move service such as bank account or doctor, it will be made easy for you, the format of the information will be universal and the switch must happen within one month.

Click here to see what the GDPR means for Businesses

Click here to find out what the GDPR means for Individuals

If you would like to talk about changes you can make to your company website in relation to GDPR, call us on 0117 9498008 or email

For more details on the GDPR, see the ICO website.

Frances Smolinski

Created on Tuesday May 01 2018 03:43 PM

Tags: gdpr

Comments [0]

Why a website accessibility checklist could work for you

Why a website accessibility checklist could work for you

There was so much excitement around the invention of the world wide web, an online platform everybody could go to for information, to communicate and so much more. If you don’t access the internet you risk being left behind by society. Many people accept that and actively choose to avoid it while others long to experience it and can’t. So why risk making people feel excluded and depriving them of what your online presence offers them? In doing so you would not be meeting your social responsibilities, there are legal issues surrounding accessibility and it’s bad for business. Accessible websites are easier to navigate, more intuitive and better optimised for search engines so people find it, use it and spread the word.

Despite this, reluctance remains and we can understand that, it's daunting. There’s this assumption that accessibility is terribly expensive and complicated to implement, particularly from those unfamiliar with digital accessibility. There are also concerns that it’s not visually appealing and it negatively effects the online experience of the user. None of this is true, especially with focus' accessibility provisions that are advanced and thorough compared to others offering seemingly similar services.

So many websites still contain barriers for people with disabilities, so how can you check your website is free of these? One appealing approach to improving your online accessibility is with the help of an accessibility checklist. Typically, a checklist is easy to use and understand and covers many of the most common problems and how to resolve them. You can find trusted checklists online or create your own. For more extensive technical information you will want to refer to Web Content Accessibility Guidelines (WCAG) 2.0 published by the World Wide Web Consortium

A checklist is a manageable step towards bringing your website into compliance with accessibility standards. It will give you a general idea of your current level of web accessibility and help you familiarise yourself with essential components of an accessible website - really useful especially if it’s all pretty new to you.

Make sure you show consideration for various disabilities such as low vision or blindness, hearing difficulty, functional disabilities of the arm or hand. Visitors using assistive technology, visitors suffering seizures and so on. There is a lot of information out there so don’t allow this to overwhelm you, you don’t have to incorporate every bit of it in to your checklist. Anything that promotes or enhances website accessibility is worthwhile.

At focus, we’ve been championing accessibility for years and pride ourselves on our high standards demonstrated in our work to date. We endeavour to make our websites accessible to the widest possible audience and to aim towards UK government accessibility guidelines. As strong supporters of accessibility we urge you to to put it at the forefront of your digital plan. If you think that’s something you would like our help with, please feel free to get in touch for a chat.

Jordana Jeffrey

Created on Thursday February 08 2018 05:12 PM

Tags: website accessibility

Comments [0]

Christmas Closure - see you next year!

Christmas Closure - see you next year!

We’ll be closing the studio at 5pm Friday 22nd December - back and raring to go from 9am Tuesday 2nd January 2018.

We will be running our emergency email address for urgent support issues - as in previous years, we can’t promise an immediate response but we’ll do our best to help.

Please use:

Team Focus wish you all a fabulous festive break, and we’ll look forward to catching up in 2018!

Annette Ryske

Created on Friday December 22 2017 09:24 AM

Tags: christmas new-year

Comments [0]

Co-designing with children and young people

Co-designing with children and young people

When it comes to designing a website for others it feels far quicker and easier to just get on with it yourself but there are a couple of downsides to that.

1. Often not quicker.

2. Often not easier.

I know it seems like it should be but  chances are it won’t feel that way anymore once the endless amends come rolling in.

The alternative? To involve the intended user in the design process. That way you know exactly what they want and what they need. What you create will be a lot closer to that than if you attempt things without their input. You’ll save yourself time and money in the long run.

We here at focus have created multiple websites for young people and the best results always come from working directly with them. Listening to what they have to say, understanding what they want and how we can give them just that to enhance their online experience.

Hosting a workshop is a great way to find this out. If you aren't used to working directly with young people, here are a few tips. They may not be your typical google answers but they are tried and tested methods that work for me so I hope they can help you too.

After a brief overview of why you’re all there, what you want to achieve and how it will benefit those who have attended (essentially the end user) that’s when you want to get them talking. What they have to say is invaluable so make sure they feel comfortable enough to share it with you. A relaxed atmosphere makes all the difference. There are subtle ways to create this:

1. You may need to stand initially to get their attention and make them aware of where their focus should be but don’t stay that way, it screams classroom. Sit with the young people to listen to their opinions, preferably avoiding forming a ‘head’ of the table. King Arthur had the right idea with his round table!

2. Dress smart but casual so you appear professional but not overly authoritative. When people feel comfortable, they are more likely to be forthcoming with ideas. Please don't try to dress like them if that's not you, do I need to explain why?

3. Go in with a plan but make sure it’s one you’re willing to ditch should it appear to not be working. It’s an idea to have a few back up topics or activities should that be the case. There are a lot of different attention spans to cater for.

4. Remember teenagers are just as socially aware and intelligent as adults, don’t confuse naivety with a lack of intelligence.

5. Remember how things felt when you were that age; will people think my ideas are silly? how much longer do I have to be here? I don’t want to talk in front of everyone… and so on. Consider ways to approach these insecurities.

6. Many teenagers are still trying to find their own identity so they take things they associate with themselves quite seriously. They can be easily influenced so may give the opinion they think will impress others and not what will please them. Perhaps some things could go to a vote such as colours and fonts and this could be done anonymously, throwing their answers in a box.

7. When working with young people there’s a tendency to attempt to be ‘cool’ but as long as it’s a well-thought out, hands-on, and active workshop you can do without the slang and graffiti graphics.

Co-design means service users (in this case, young people) and designers working together to create something that takes into account the different views, needs and wants of the community. The best way to create services for young people, is in collaboration with them. Put the user at the heart of the design process and you’ll create effective and innovative solutions.

Jordana Jeffrey

Created on Friday November 24 2017 04:00 PM

Tags: co-design children youngpeople workshop

Comments [0]

Google's changing stance on secure sites

We posted at the end of last year about Google’s preferential treatment of secure sites and in 2017 they have extended their public warning system a step further. 



As of January 2017, Google is now clearly marking all websites that do not have an SSL certificate with an information icon (i) that informs the user that the website should not be used for entering personal details (below). 





On any pages that do have fields for entering payment details, personal information or passwords but the address is HTTP not HTTPS, this message changes to NOT SECURE with a warning symbol. As you can imagine this can make visitors to websites wary, especially as Google specifies that this information “could be stolen by attackers”. 





Chrome plan to eventually display a Not Secure red triangle on all HTTP pages, whether they contain sensitive input fields or not. Ideally all sites will have migrated to HTTPS for all pages by the time this happens.


It is not certain how the other market leading browsers will monitor SSL certificate usage but so far it looks as though Firefox, Safari, Internet Explorer and Opera are all rolling out a very similar systems.


Although there is no real threat to the user if no information is entered into the website, the only real way to avoid triggering these messages is to acquire an SSL certificate from a reputable supplier, and make sure that any pages that deal with sensitive information (passwords, financial details) are secure. Fortunately this is quite straightforward and not as daunting as it may at first seem.


If you’d like to have a chat about SSL changes and what they mean for your website get in touch.


You can see Google’s original post on the changes.

You can find out more about SSL, what it means and how it’s monitored
here and here 

Frances Smolinski

Created on Monday August 21 2017 09:08 AM

Tags: blog google ssl http

Comments [0]

So Fresh and So Clean

My name is Frances and I’m new around here. 19 days ago I started working at Focus as the new Account Executive. 

I was very excited to succeed in not only my first but also my second interview and to get that all important job offer email. Having learnt about Focus and met a few members of the team I knew Focus were the ‘experienced yet still excited’ company I had been looking for to transition into Account Management. 


After my first walk to work (2.7 miles, six floors worth of stairs  - I’m calling it ‘Focusise’) I reached the dizzying heights of Focus HQ. To start, I was working on classic New Girl tasks such as signing up, signing in, stocking my desk drawer with a ludicrous variety of teas, getting my MacBook just the way I like it and reading all the documents to keep me both healthy and safe. Then it was on to the fun stuff and I got to immerse myself in the world of analytics, reporting and tracking down bugs (the purely digital kind). 


Previously I’ve worked as a Studio Manager, a Production Manager and a somewhat Jack of all trades so it’s been novel to be able to zone in and focus (pun intended) on one job at a time. Focus really know what they’re talking about and it’s been great learning processes from the ground up. In a few more weeks I’m hoping to be to be fluent in Focuspeak and throwing acronyms around like a pro!

Frances Smolinski

Created on Monday July 31 2017 09:13 AM

Tags: website focus news new accounts clientservices

Comments [0]

The 3 U's in designing for the user

The 3 U's in designing for the user

You could be forgiven for thinking usability, user experience (UX) and user centred deisgn (UCD) are all pretty much the same thing. Kind of like Ant & Dec: You're not sure which is which but understanding the difference matters very little. Well you'd be wrong! (In terms of design I mean - not whether or not Dec is the shortest).

Understanding the user is an absolute requisite for successful design. Here's a very simple breakdown of the 3 U's you may have heard being thrown around:

Usability is how easily a user can do what they set out to do.

User Experience is a combination of usability and and how much the user will enjoy themselves along the way.

User Centred Design is a case of keeping usability and user experience in mind from the very start of the design process.

There are various requirements of a succcessful product, these include:

Learnability - it should be intuitive so that there's essentially nothing to learn.

Efficiency - it should serve a purpose or assist in achieving a goal.

Memorability - it should encourage visitors to return. Popularity grows through word of mouth, people talk about what they remember.

Errors - it should have a low error rate. Evaluate and test the design, especially on the intended user.

So next time you tune in to 'I'm a celebrity get me out of here' you might not be able to tell which one stands on the left but at least you can confidently create a user focused product that will get people talking!

Jordana Jeffrey

Created on Tuesday June 20 2017 10:05 AM

Tags: website ux ucd usability

Comments [0]

Top of the league!

Top of the league!

A big well done to Focus-sponsored Axbridge Saxons Under 14s, who have been crowned Woodspring Junior League Division 4 champions.

The team were unbeaten this season, led by manager Mark White, who must be in the running for the England job after this performance.

High fives all round.


Simon Newing

Created on Friday June 16 2017 02:28 PM


Comments [0]