The problem
Public-facing institutional bodies need an online presence that simultaneously satisfies compliance constraints (GDPR, financial transparency, accessibility), avoids invasive third-party trackers, and lets staff publish content without depending on the development team for every edit. Standard solutions (WordPress templates with marketing plugins) introduce cookies and trackers that are incompatible with the regulatory risk profile of an institutional body, and they come with locked admin UIs that push every change back into the developer queue.
The approach
- Editor-friendly CMS so the client's staff publishes updates and amendments autonomously, with no development cycles for routine changes.
- Headless modern stack chosen to keep data flows entirely first-party: no non-essential cookies, no third-party trackers, no consent banners by design.
- Dedicated financial-transparency section for the body's regulated funding disclosures, with structured and accessible data.
- Privacy and accessibility posture aligned to the institutional risk profile: privacy notice, data flows, and accessibility requirements documented for the data controller.
- Hosted on the proprietary platform baseline with security headers and strong TLS, consistent with the rest of the portfolio.
The result
- Site live and operated autonomously: the staff publishes content directly, with no developer in the loop for day-to-day edits.
- No cookie banner, no consent prompts: the visitor reaches the content without interstitials.
- Financial-transparency section compliant with the regulatory expectations of the funding scheme.
- GDPR compliance documented for the data controller, ready for audit on demand.
- Predictable maintenance: the same hosting baseline as the rest of the platform, no special-case operations.