Doepud Web Design


Handling sensitive data

A case study that looks at how we developed a consent system based on our responsibility for handling personal and sensitive user data.

We're using EmployAbility as an example in this case study:

  • We started working together in 2008
  • They manage a large user base containing personal and sensitive data

Working with big data is challenging, whether that's handling perpetual business growth, managing complexity in data relationships, monitoring query performance, automating backups or retaining data integrity. It's even more challenging when that data is also sensitive.

In light of the General Data Protection Regulation (GDPR), the way personal and sensitive information is stored has become paramount. One key change undertaken by EmployAbility concerned the sensitive data they stored about their clients. As it's explicitly the legal responsibility of data processors to store only the data needed to properly provide their advertised service, the decision to delete all sensitive data was taken. Another change was to permit the customer to request access to (or even delete) the data held about them at any time.

Handling personal and sensitive data

Personal data is information about a person which identifies them. This could be very specific details like an email or postal address, a fingerprint or even a CCTV snapshot. Or it could be a cross-section of (seemingly) non-identifiable characteristics that, when combined, begin to form the profile of a real person; things like first and last names together with a telephone number, geo-location, IP address or a list of friends can often be enough to validate identity.

Sensitive data includes "special category" things like racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic and biometric data and, in EmployAbility's case, details about a person's disability.

Storing personal and sensitive data safely and securely means using good database design, like normalisation to abstract the relationships between seemingly non-identifiable data, and encrypting the most sensitive details.

Letting the customer control their own data

Everything we do at Doepud is geared towards our immediate customers. On one hand, it's our job to provide them with tools that enable robust and meaningful management of their online business. On the other hand, we need to provide tools that let our customers' customers manage their online profiles (i.e. their personal and sensitive data). Essentially, this is managing the same data from two angles.

Transparency and legality

To ensure compliance with the GDPR, we designed a consent system built around the objective of EmployAbility's customers being in control of their own data. Being transparent about how customer data is collected, stored and used helps to build confidence in the customer's brand, while staying legal.

How we created the new consent system

We began by reviewing the data EmployAbility held about their customers and deleted all information we deemed unnecessary; this included all special category data, with the exception of their disability details. We also removed all requests for this type of information going forward, which involved changes to the database design.

We then contacted all EmployAbility customers advising them of the updated Terms & Conditions and sought their consent to allow EmployAbility's continued storage and use of their personal and sensitive data. We asked them to sign in to their account and presented them with a selection of checkbox consents (based on their particular user type).

Each consent states precisely what data EmployAbility will store, the length of time they will retain it and with whom they will share it. To continue using the EmployAbility service the customer has to consent; otherwise their account is flagged for deletion in 30 days' time.

After the consent period lapses, we update the status of their given consents in our database and automatically flag their account for deletion. We send a request asking that they sign in within 30 days if they wish to continue using EmployAbility services. If they don't sign in within the allotted time their details are permanently removed from the system. This approach ensures that users are actively engaged with EmployAbility.
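The workflow described in the last three paragraphs, modelled as an added Python example that is not Doepud's or EmployAbility's code. The consent terms (what is stored, retention length, who it is shared with), the two user types, the sample email address and the start date are constructed for illustration; the 30-day grace period is taken from the text. Each consent term is recorded per account with the date it was granted, a scheduled review either keeps the account active, flags it with a deletion deadline, or purges it once the deadline passes, and signing in with every required box ticked clears the flag.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# From the case study: an account without valid consent is flagged and its data
# removed if the customer has not signed in and consented within 30 days.
DELETION_GRACE_DAYS = 30


@dataclass(frozen=True)
class ConsentTerm:
    """One checkbox consent: what is stored, how long it is kept, who sees it."""
    key: str
    data_stored: str
    retention_days: int
    shared_with: Tuple[str, ...]

    def describe(self) -> str:
        """Plain-language text shown beside the checkbox."""
        return (f"We store {self.data_stored} for {self.retention_days} days "
                f"and share it with {', '.join(self.shared_with)}.")


@dataclass
class Account:
    email: str
    user_type: str
    consents: Dict[str, date] = field(default_factory=dict)  # term key -> date granted
    last_sign_in: Optional[date] = None
    deletion_due: Optional[date] = None
    deleted: bool = False


# Constructed sample terms (hypothetical wording); the real consents are not on the page.
TERMS_BY_USER_TYPE: Dict[str, List[ConsentTerm]] = {
    "candidate": [
        ConsentTerm("contact", "your name, email address and phone number", 730,
                    ("EmployAbility",)),
        ConsentTerm("disability", "details of your disability", 365,
                    ("EmployAbility", "your placement adviser")),
    ],
    "employer": [
        ConsentTerm("contact", "your company contact details", 730, ("EmployAbility",)),
    ],
}


def required_terms(acct: Account) -> List[ConsentTerm]:
    return TERMS_BY_USER_TYPE[acct.user_type]


def has_valid_consent(acct: Account, today: date) -> bool:
    """True only if every term for this user type was granted and has not expired."""
    for term in required_terms(acct):
        granted = acct.consents.get(term.key)
        if granted is None or granted + timedelta(days=term.retention_days) <= today:
            return False
    return True


def purge(acct: Account) -> None:
    """Permanently remove the personal and sensitive data held for the account."""
    acct.consents.clear()
    acct.last_sign_in = None
    acct.deletion_due = None
    acct.deleted = True


def review(acct: Account, today: date) -> str:
    """Scheduled job: updates the account and returns 'active', 'flagged' or 'deleted'."""
    if acct.deleted:
        return "deleted"
    if has_valid_consent(acct, today):
        acct.deletion_due = None          # clear any earlier flag
        return "active"
    if acct.deletion_due is None:
        acct.deletion_due = today + timedelta(days=DELETION_GRACE_DAYS)
        return "flagged"                  # the sign-in request would be sent here
    if today >= acct.deletion_due:
        purge(acct)
        return "deleted"
    return "flagged"


def sign_in(acct: Account, today: date, ticked: List[str]) -> str:
    """Customer signs in and ticks consent boxes; returns the resulting status."""
    if acct.deleted:
        return "deleted"
    acct.last_sign_in = today
    for key in ticked:
        acct.consents[key] = today
    return review(acct, today)


def simulate(user_type: str, sign_in_day: Optional[int], ticked: List[str]) -> List[str]:
    """Walk one account through the grace period with a daily review; returns statuses."""
    start = date(2021, 6, 13)  # constructed start date
    acct = Account(email="user@example.com", user_type=user_type)
    statuses = []
    for day in range(DELETION_GRACE_DAYS + 1):
        today = start + timedelta(days=day)
        if sign_in_day is not None and day == sign_in_day:
            sign_in(acct, today, ticked)
        statuses.append(review(acct, today))
    return statuses
```

Note that a customer who ticks only some of the boxes for their user type stays flagged and is purged on the same deadline as one who never signed in, and that consent is re-checked on every review, so a term whose retention period has run out triggers a fresh consent request rather than silently extending the retention.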

Last updated: 13 Jun 2021
